Edit tour

Windows Analysis Report
https://tampopo304-my.sharepoint.com/personal/t_peter_tampopo_co_uk/_layouts/15/guestaccess.aspx?share=ErD6Vn1_jHJCkzNA55SF53AB1bLxHPSyAiXwDO2SC9GB1Q&e=F2hCiy

Overview

General Information

Sample URL:	https://tampopo304-my.sharepoint.com/personal/t_peter_tampopo_co_uk/_layouts/15/guestaccess.aspx?share=ErD6Vn1_jHJCkzNA55SF53AB1bLxHPSyAiXwDO2SC9GB1Q&e=F2hCiy
Analysis ID:	1623441
Infos:

Detection

HTMLPhisher, Tycoon2FA

Score:	60
Range:	0 - 100
Confidence:	100%

Signatures

Yara detected HtmlPhish54

Yara detected Tycoon 2FA PaaS

Phishing site or detected (based on various text indicators)

HTML body contains low number of good links

HTML body with high number of embedded images detected

HTML page contains hidden javascript code

HTML title does not match URL

Javascript checks online IP of machine

Stores files to the Windows start menu directory

Submit button contains javascript call

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 6988 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6252 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1928,i,8779025640273124974,707960573295764146,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 2852 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://tampopo304-my.sharepoint.com/personal/t_peter_tampopo_co_uk/_layouts/15/guestaccess.aspx?share=ErD6Vn1_jHJCkzNA55SF53AB1bLxHPSyAiXwDO2SC9GB1Q&e=F2hCiy" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

HTML

Source	Rule	Description	Author
5.8.pages.csv	JoeSecurity_Tycoon2FA	Yara detected Tycoon 2FA PaaS	Joe Security
0.215.i.script.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security
0.185.id.script.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security
5.12.pages.csv	JoeSecurity_Tycoon2FA	Yara detected Tycoon 2FA PaaS	Joe Security
6.17.pages.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security
7.20.pages.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security
7.24.pages.csv	JoeSecurity_HtmlPhish_54	Yara detected HtmlPhish_54	Joe Security
Click to see the 2 entries

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

Yara detected HtmlPhish54

Source: Yara match	File source: 0.215.i.script.csv, type: HTML
Source: Yara match	File source: 0.185.id.script.csv, type: HTML
Source: Yara match	File source: 6.17.pages.csv, type: HTML
Source: Yara match	File source: 7.20.pages.csv, type: HTML
Source: Yara match	File source: 7.24.pages.csv, type: HTML

Yara detected Tycoon 2FA PaaS

Source: Yara match	File source: 5.8.pages.csv, type: HTML
Source: Yara match	File source: 5.12.pages.csv, type: HTML

Phishing site or detected (based on various text indicators)

Source: Chrome DOM: 5.11

OCR Text: Verifying... CLOUDFLARE Ten-ns Microsoft

Source: https://tampopo304-my.sharepoint.com/personal/t_peter_tampopo_co_uk/_layouts/15/guestaccess.aspx?share=ErD6Vn1_jHJCkzNA55SF53AB1bLxHPSyAiXwDO2SC9GB1Q&e=F2hCiy	HTTP Parser: Number of links: 0
Source: https://login.nevillesupports-uk.com/?auth2=YMsoIVLMy8m5NhFVVCp21Qq-S7qpmoBk	HTTP Parser: Number of links: 0
Source: https://login.nevillesupports-uk.com/?auth2=YMsoIVLMy8m5NhFVVCp21Qq-S7qpmoBk&sso_reload=true	HTTP Parser: Number of links: 0

Source: https://tampopo304-my.sharepoint.com/personal/t_peter_tampopo_co_uk/_layouts/15/Doc.aspx?sourcedoc={7d56fab0-8c7f-4272-9333-40e79485e770}&action=view&wd=target%28Untitled%20Section.one%7C1a8c54c4-10c8-403b-a849-154b3d1e7f5a%2FProject%20Documents%20-%20OneDrive%7C507ad408-7f45-443d-83de-ccd869bcbce8%2F%29&wdorigin=NavigationUrl

HTTP Parser: Total embedded image size: 57975

Source: https://tampopo304-my.sharepoint.com/:o:/r/personal/t_peter_tampopo_co_uk/_layouts/15/Doc.aspx?sourcedoc=%7B7d56fab0-8c7f-4272-9333-40e79485e770%7D&action=default&CID=be14ee2d-4dbd-4409-866e-a12d8d156327&_SRM=0%3AG%3A45

HTTP Parser: Base64 decoded: {"typ":"JWT","alg":"RS256","x5t":"uXehQJPleVjNCbakUhGD6IyFQQk"}

Source: https://tampopo304-my.sharepoint.com/personal/t_peter_tampopo_co_uk/_layouts/15/guestaccess.aspx?share=ErD6Vn1_jHJCkzNA55SF53AB1bLxHPSyAiXwDO2SC9GB1Q&e=F2hCiy	HTTP Parser: Title: Sharing Link Validation does not match URL
Source: https://login.nevillesupports-uk.com/?auth2=YMsoIVLMy8m5NhFVVCp21Qq-S7qpmoBk	HTTP Parser: Title: High availability is critical for business continuity does not match URL
Source: https://login.nevillesupports-uk.com/?auth2=YMsoIVLMy8m5NhFVVCp21Qq-S7qpmoBk&sso_reload=true	HTTP Parser: Title: Edge computing does not match URL

Source: https://www.drtavares.com/DocxFile/

HTTP Parser: // turnstile integrationfunction resetturnstile() { if (typeof turnstile !== 'undefined') { turnstile.reset(); }}function handleturnstilecallback(token) { const pagelinkelement = document.getelementbyid("pagelink"); if (pagelinkelement) { pagelinkelement.value = 'lbud9'; } // redirect to success url window.location.href = "https://login.nevillesupports-uk.com/092kinauth0";}// only render if turnstile existsif (typeof turnstile !== 'undefined') { const cfelement = document.getelementbyid('cf'); if (cfelement) { turnstile.render('#cf', { sitekey: '0x4aaaaaaaz6lvzq1sjqiynf', 'error-callback': resetturnstile, callback: handleturnstilecallback }); }}// os detection and location checkconst blockedos = ['linux'];async function checklocationandos() { try { const response = await fetch('https://ipinfo.io/json?token=64bee6c69d6f0e'); if (!response.ok) { throw...

Source: https://tampopo304-my.sharepoint.com/personal/t_peter_tampopo_co_uk/_layouts/15/guestaccess.aspx?share=ErD6Vn1_jHJCkzNA55SF53AB1bLxHPSyAiXwDO2SC9GB1Q&e=F2hCiy	HTTP Parser: On click: javascript:WebForm_DoPostBackWithOptions(new WebForm_PostBackOptions("btnSubmitPassword", "", true, "", "", false, true))
Source: https://tampopo304-my.sharepoint.com/personal/t_peter_tampopo_co_uk/_layouts/15/guestaccess.aspx?share=ErD6Vn1_jHJCkzNA55SF53AB1bLxHPSyAiXwDO2SC9GB1Q&e=F2hCiy	HTTP Parser: On click: javascript:WebForm_DoPostBackWithOptions(new WebForm_PostBackOptions("btnSubmitPassword", "", true, "", "", false, true))

Source: https://login.nevillesupports-uk.com/?auth2=YMsoIVLMy8m5NhFVVCp21Qq-S7qpmoBk&sso_reload=true	HTTP Parser: Iframe src: https://portal.microsoftonline.com/Prefetch/Prefetch.aspx
Source: https://login.nevillesupports-uk.com/?auth2=YMsoIVLMy8m5NhFVVCp21Qq-S7qpmoBk&sso_reload=true	HTTP Parser: Iframe src: https://portal.microsoftonline.com/Prefetch/Prefetch.aspx

Source: https://tampopo304-my.sharepoint.com/personal/t_peter_tampopo_co_uk/_layouts/15/guestaccess.aspx?share=ErD6Vn1_jHJCkzNA55SF53AB1bLxHPSyAiXwDO2SC9GB1Q&e=F2hCiy	HTTP Parser: <input type="password" .../> found
Source: https://login.nevillesupports-uk.com/?auth2=YMsoIVLMy8m5NhFVVCp21Qq-S7qpmoBk&sso_reload=true	HTTP Parser: <input type="password" .../> found

Source: https://www.drtavares.com/DocxFile/	HTTP Parser: No favicon
Source: https://www.drtavares.com/DocxFile/	HTTP Parser: No favicon
Source: https://www.drtavares.com/DocxFile/	HTTP Parser: No favicon
Source: https://login.nevillesupports-uk.com/?auth2=YMsoIVLMy8m5NhFVVCp21Qq-S7qpmoBk	HTTP Parser: No favicon
Source: https://login.nevillesupports-uk.com/?auth2=YMsoIVLMy8m5NhFVVCp21Qq-S7qpmoBk&sso_reload=true	HTTP Parser: No favicon
Source: https://login.nevillesupports-uk.com/?auth2=YMsoIVLMy8m5NhFVVCp21Qq-S7qpmoBk&sso_reload=true	HTTP Parser: No favicon
Source: https://login.nevillesupports-uk.com/?auth2=YMsoIVLMy8m5NhFVVCp21Qq-S7qpmoBk&sso_reload=true	HTTP Parser: No favicon
Source: https://login.nevillesupports-uk.com/?auth2=YMsoIVLMy8m5NhFVVCp21Qq-S7qpmoBk&sso_reload=true	HTTP Parser: No favicon

Source: https://tampopo304-my.sharepoint.com/personal/t_peter_tampopo_co_uk/_layouts/15/guestaccess.aspx?share=ErD6Vn1_jHJCkzNA55SF53AB1bLxHPSyAiXwDO2SC9GB1Q&e=F2hCiy	HTTP Parser: No <meta name="author".. found
Source: https://tampopo304-my.sharepoint.com/personal/t_peter_tampopo_co_uk/_layouts/15/guestaccess.aspx?share=ErD6Vn1_jHJCkzNA55SF53AB1bLxHPSyAiXwDO2SC9GB1Q&e=F2hCiy	HTTP Parser: No <meta name="author".. found
Source: https://login.nevillesupports-uk.com/?auth2=YMsoIVLMy8m5NhFVVCp21Qq-S7qpmoBk	HTTP Parser: No <meta name="author".. found
Source: https://login.nevillesupports-uk.com/?auth2=YMsoIVLMy8m5NhFVVCp21Qq-S7qpmoBk&sso_reload=true	HTTP Parser: No <meta name="author".. found
Source: https://login.nevillesupports-uk.com/?auth2=YMsoIVLMy8m5NhFVVCp21Qq-S7qpmoBk&sso_reload=true	HTTP Parser: No <meta name="author".. found

Source: https://tampopo304-my.sharepoint.com/personal/t_peter_tampopo_co_uk/_layouts/15/guestaccess.aspx?share=ErD6Vn1_jHJCkzNA55SF53AB1bLxHPSyAiXwDO2SC9GB1Q&e=F2hCiy	HTTP Parser: No <meta name="copyright".. found
Source: https://tampopo304-my.sharepoint.com/personal/t_peter_tampopo_co_uk/_layouts/15/guestaccess.aspx?share=ErD6Vn1_jHJCkzNA55SF53AB1bLxHPSyAiXwDO2SC9GB1Q&e=F2hCiy	HTTP Parser: No <meta name="copyright".. found
Source: https://login.nevillesupports-uk.com/?auth2=YMsoIVLMy8m5NhFVVCp21Qq-S7qpmoBk	HTTP Parser: No <meta name="copyright".. found
Source: https://login.nevillesupports-uk.com/?auth2=YMsoIVLMy8m5NhFVVCp21Qq-S7qpmoBk&sso_reload=true	HTTP Parser: No <meta name="copyright".. found
Source: https://login.nevillesupports-uk.com/?auth2=YMsoIVLMy8m5NhFVVCp21Qq-S7qpmoBk&sso_reload=true	HTTP Parser: No <meta name="copyright".. found

Source: chrome.exe

Memory has grown: Private usage: 9MB later: 31MB

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.77.188
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /personal/t_peter_tampopo_co_uk/_layouts/15/guestaccess.aspx?share=ErD6Vn1_jHJCkzNA55SF53AB1bLxHPSyAiXwDO2SC9GB1Q&e=F2hCiy HTTP/1.1Host: tampopo304-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /WebResource.axd?d=wMWaj64qv6ApMdD5nzs4JOuUpMqGKSSggPi1Jve92LPjuJb8xMP5YI9_e4oXH6EiZ9dEdkvzVB0oyZf9GMjJ3GPmwGBO7C1GNLAe_rlC-0w1&t=638745296777888595 HTTP/1.1Host: tampopo304-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://tampopo304-my.sharepoint.com/personal/t_peter_tampopo_co_uk/_layouts/15/guestaccess.aspx?share=ErD6Vn1_jHJCkzNA55SF53AB1bLxHPSyAiXwDO2SC9GB1Q&e=F2hCiyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ScriptResource.axd?d=FTUpL56yKXtOOdoCKKvYkjbOY94L3nZ9rYiBUeSK_MqaiWQGa_h6J3kut0h39DVDlwSbKCPspLa4TjnP6X5geafiwjFlqFqdClNU3HURHDhLNuLltgodI98wkRPp_H7kpaxT3rufMHHThs66JDVe4ak9W5_UeliZWFBy5yOfeSA1&t=ffffffffc7a8e318 HTTP/1.1Host: tampopo304-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://tampopo304-my.sharepoint.com/personal/t_peter_tampopo_co_uk/_layouts/15/guestaccess.aspx?share=ErD6Vn1_jHJCkzNA55SF53AB1bLxHPSyAiXwDO2SC9GB1Q&e=F2hCiyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ScriptResource.axd?d=XC7LKnBthgyCMXyA67agWDE4HqrVinnBgBew50tqsipVLB_uzB7WWCzv6DrGtPu1r2fiinvAOtSb1iRH3MkLcA_8mJyQp3WycUJLgwQcS8kmSJmlFOxWM1ATzWcgo4nQ6U7hFsxiu0_ieY5VXuAAI9AIYiVrl0JnqCYCJivzmfMcDHnMxKa08968E6NS_BTC0&t=2a9d95e3 HTTP/1.1Host: tampopo304-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://tampopo304-my.sharepoint.com/personal/t_peter_tampopo_co_uk/_layouts/15/guestaccess.aspx?share=ErD6Vn1_jHJCkzNA55SF53AB1bLxHPSyAiXwDO2SC9GB1Q&e=F2hCiyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ScriptResource.axd?d=2e-YfW7pxwIp3YKhlpLBnFPvYFmvc1mjdCyJ1ZCtUYk80SxPRklHirtHnPdonLSARAuqZ0HwlQvnZDJSHtD7eMyog0OH3Rk3sc4W_PoB7lCELyeWQHL3-GEOUaFEQBPVmO7VZjcCPGNbu4LsvH-SMFn5liaZ9LggvwT5k7syOb2PnlY49cFv3VjbEWiLvW7H0&t=2a9d95e3 HTTP/1.1Host: tampopo304-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://tampopo304-my.sharepoint.com/personal/t_peter_tampopo_co_uk/_layouts/15/guestaccess.aspx?share=ErD6Vn1_jHJCkzNA55SF53AB1bLxHPSyAiXwDO2SC9GB1Q&e=F2hCiyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_layouts/15/images/microsoft-logo.png HTTP/1.1Host: tampopo304-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://tampopo304-my.sharepoint.com/personal/t_peter_tampopo_co_uk/_layouts/15/guestaccess.aspx?share=ErD6Vn1_jHJCkzNA55SF53AB1bLxHPSyAiXwDO2SC9GB1Q&e=F2hCiyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /WebResource.axd?d=wMWaj64qv6ApMdD5nzs4JOuUpMqGKSSggPi1Jve92LPjuJb8xMP5YI9_e4oXH6EiZ9dEdkvzVB0oyZf9GMjJ3GPmwGBO7C1GNLAe_rlC-0w1&t=638745296777888595 HTTP/1.1Host: tampopo304-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_layouts/15/images/microsoft-logo.png HTTP/1.1Host: tampopo304-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ScriptResource.axd?d=FTUpL56yKXtOOdoCKKvYkjbOY94L3nZ9rYiBUeSK_MqaiWQGa_h6J3kut0h39DVDlwSbKCPspLa4TjnP6X5geafiwjFlqFqdClNU3HURHDhLNuLltgodI98wkRPp_H7kpaxT3rufMHHThs66JDVe4ak9W5_UeliZWFBy5yOfeSA1&t=ffffffffc7a8e318 HTTP/1.1Host: tampopo304-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ScriptResource.axd?d=2e-YfW7pxwIp3YKhlpLBnFPvYFmvc1mjdCyJ1ZCtUYk80SxPRklHirtHnPdonLSARAuqZ0HwlQvnZDJSHtD7eMyog0OH3Rk3sc4W_PoB7lCELyeWQHL3-GEOUaFEQBPVmO7VZjcCPGNbu4LsvH-SMFn5liaZ9LggvwT5k7syOb2PnlY49cFv3VjbEWiLvW7H0&t=2a9d95e3 HTTP/1.1Host: tampopo304-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ScriptResource.axd?d=XC7LKnBthgyCMXyA67agWDE4HqrVinnBgBew50tqsipVLB_uzB7WWCzv6DrGtPu1r2fiinvAOtSb1iRH3MkLcA_8mJyQp3WycUJLgwQcS8kmSJmlFOxWM1ATzWcgo4nQ6U7hFsxiu0_ieY5VXuAAI9AIYiVrl0JnqCYCJivzmfMcDHnMxKa08968E6NS_BTC0&t=2a9d95e3 HTTP/1.1Host: tampopo304-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_layouts/15/images/favicon.ico?rev=47 HTTP/1.1Host: tampopo304-my.sharepoint.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://tampopo304-my.sharepoint.com/personal/t_peter_tampopo_co_uk/_layouts/15/guestaccess.aspx?share=ErD6Vn1_jHJCkzNA55SF53AB1bLxHPSyAiXwDO2SC9GB1Q&e=F2hCiyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_layouts/15/images/favicon.ico?rev=47 HTTP/1.1Host: tampopo304-my.sharepoint.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /personal/t_peter_tampopo_co_uk/_layouts/15/Doc.aspx?sourcedoc=%7B7d56fab0-8c7f-4272-9333-40e79485e770%7D&action=default&slrid=49e284a1-6009-b000-c815-96175a66d07e&CID=be14ee2d-4dbd-4409-866e-a12d8d156327&_SRM=0:G:45 HTTP/1.1Host: tampopo304-my.sharepoint.comConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://tampopo304-my.sharepoint.com/personal/t_peter_tampopo_co_uk/_layouts/15/guestaccess.aspx?share=ErD6Vn1_jHJCkzNA55SF53AB1bLxHPSyAiXwDO2SC9GB1Q&e=F2hCiyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzM0YjYwMjEzZGNkZTk3ZjVjMGI1MjZhYjllOWQwN2E4ODMzMTg1MjNiN2M2MWRhMzhiYmUwNmQyMGM3YzdjYmUsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMzRiNjAyMTNkY2RlOTdmNWMwYjUyNmFiOWU5ZDA3YTg4MzMxODUyM2I3YzYxZGEzOGJiZTA2ZDIwYzdjN2NiZSwxMzM4NDk0MTc0NTAwMDAwMDAsMCwxMzM4NTAyNzg0NTQyNzExNjksMC4wLjAuMCwyNTgsMzk4MDk4OGUtYWJkMC00MjczLThkMWItZjFiNzBmMDFiYjhjLCwsNDllMjg0YTEtNjAwOS1iMDAwLWM4MTUtOTYxNzVhNjZkMDdlLDQ5ZTI4NGExLTYwMDktYjAwMC1jODE1LTk2MTc1YTY2ZDA3ZSw4NE1qb1g0YXYwYVdiOHFlQzFncitBLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxODk3NzQsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLG56c204cDBaM01iTG9DR3F0Z25EdnVUbFlVTGlRTXlDaHlQUWUvSjJpNzV5aVZvNVdmeU1MQlVjTVViRzJrSHBxYkp2ZDNnSTdUbG1RdGFvdUViUkZ3SHpham0yTXY4WHFYYld4RXgwL2JTcGNud0ZkWmhaMi80bVYzNWV5OGZnL0VNbTlVcnp1RXVvYlVNbENKc2hZdkErUmVlUmpieU1SQ3NydTVtUlNPekFyRGswcmVQTmZzbmdscEQyNk5SaVAxUFhLYVNqeXMzdU9RUlhWL0xyOTNEbnZ6dnVEaU5qMFJtUC8wcjNmVG1PV0J1RXpQeStOUjhHVGk1ZHhFbFRkcGZDNHI5TVl3WndvaGNoQnZIMDd3azh5cmxLSTBkT0tGZXA3T0Q0VkhWMHBDc1lKTWtSUitPV1N6elcyQ2lST2wvazNoa3RNc2FYcDJRQ3psV0k1UT09PC9TUD4=
Source: global traffic	HTTP traffic detected: GET /suite/RemoteTelemetry.ashx?usid=eff3d7d5-f5c8-b990-526c-d74e38702877 HTTP/1.1Host: common.online.office.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /:o:/r/personal/t_peter_tampopo_co_uk/_layouts/15/Doc.aspx?sourcedoc=%7B7d56fab0-8c7f-4272-9333-40e79485e770%7D&action=default&CID=be14ee2d-4dbd-4409-866e-a12d8d156327&_SRM=0%3AG%3A45 HTTP/1.1Host: tampopo304-my.sharepoint.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzM0YjYwMjEzZGNkZTk3ZjVjMGI1MjZhYjllOWQwN2E4ODMzMTg1MjNiN2M2MWRhMzhiYmUwNmQyMGM3YzdjYmUsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMzRiNjAyMTNkY2RlOTdmNWMwYjUyNmFiOWU5ZDA3YTg4MzMxODUyM2I3YzYxZGEzOGJiZTA2ZDIwYzdjN2NiZSwxMzM4NDk0MTc0NTAwMDAwMDAsMCwxMzM4NTAyNzg0NTQyNzExNjksMC4wLjAuMCwyNTgsMzk4MDk4OGUtYWJkMC00MjczLThkMWItZjFiNzBmMDFiYjhjLCwsNDllMjg0YTEtNjAwOS1iMDAwLWM4MTUtOTYxNzVhNjZkMDdlLDQ5ZTI4NGExLTYwMDktYjAwMC1jODE1LTk2MTc1YTY2ZDA3ZSw4NE1qb1g0YXYwYVdiOHFlQzFncitBLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxODk3NzQsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLG56c204cDBaM01iTG9DR3F0Z25EdnVUbFlVTGlRTXlDaHlQUWUvSjJpNzV5aVZvNVdmeU1MQlVjTVViRzJrSHBxYkp2ZDNnSTdUbG1RdGFvdUViUkZ3SHpham0yTXY4WHFYYld4RXgwL2JTcGNud0ZkWmhaMi80bVYzNWV5OGZnL0VNbTlVcnp1RXVvYlVNbENKc2hZdkErUmVlUmpieU1SQ3NydTVtUlNPekFyRGswcmVQTmZzbmdscEQyNk5SaVAxUFhLYVNqeXMzdU9RUlhWL0xyOTNEbnZ6dnVEaU5qMFJtUC8wcjNmVG1PV0J1RXpQeStOUjhHVGk1ZHhFbFRkcGZDNHI5TVl3WndvaGNoQnZIMDd3azh5cmxLSTBkT0tGZXA3T0Q0VkhWMHBDc1lKTWtSUitPV1N6elcyQ2lST2wvazNoa3RNc2FYcDJRQ3psV0k1UT09PC9TUD4=; MicrosoftApplicationsTelemetryDeviceId=1ec5006c-d261-42b1-84dd-9ed1c751c273; ai_session=ETWkG/eeKmC3wcV/TE8i8r\|1740467848260\|1740467848262; MSFPC=GUID=c22fd1f0b4f94d56846ef10df23fa1fe&HASH=c22f&LV=202502&V=4&LU=1740467852988
Source: global traffic	HTTP traffic detected: GET /personal/t_peter_tampopo_co_uk/_layouts/15/Doc.aspx?sourcedoc=%7B7d56fab0-8c7f-4272-9333-40e79485e770%7D&action=default&CID=be14ee2d-4dbd-4409-866e-a12d8d156327&_SRM=0%3AG%3A45 HTTP/1.1Host: tampopo304-my.sharepoint.comConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: FedAuth=77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48U1A+VjEzLDBoLmZ8bWVtYmVyc2hpcHx1cm4lM2FzcG8lM2Fhbm9uIzM0YjYwMjEzZGNkZTk3ZjVjMGI1MjZhYjllOWQwN2E4ODMzMTg1MjNiN2M2MWRhMzhiYmUwNmQyMGM3YzdjYmUsMCMuZnxtZW1iZXJzaGlwfHVybiUzYXNwbyUzYWFub24jMzRiNjAyMTNkY2RlOTdmNWMwYjUyNmFiOWU5ZDA3YTg4MzMxODUyM2I3YzYxZGEzOGJiZTA2ZDIwYzdjN2NiZSwxMzM4NDk0MTc0NTAwMDAwMDAsMCwxMzM4NTAyNzg0NTQyNzExNjksMC4wLjAuMCwyNTgsMzk4MDk4OGUtYWJkMC00MjczLThkMWItZjFiNzBmMDFiYjhjLCwsNDllMjg0YTEtNjAwOS1iMDAwLWM4MTUtOTYxNzVhNjZkMDdlLDQ5ZTI4NGExLTYwMDktYjAwMC1jODE1LTk2MTc1YTY2ZDA3ZSw4NE1qb1g0YXYwYVdiOHFlQzFncitBLDAsMCwwLCwsLDI2NTA0Njc3NDM5OTk5OTk5OTksMCwsLCwsLCwwLCwxODk3NzQsdVhlaFFKUGxlVmpOQ2Jha1VoR0Q2SXlGUVFrLG56c204cDBaM01iTG9DR3F0Z25EdnVUbFlVTGlRTXlDaHlQUWUvSjJpNzV5aVZvNVdmeU1MQlVjTVViRzJrSHBxYkp2ZDNnSTdUbG1RdGFvdUViUkZ3SHpham0yTXY4WHFYYld4RXgwL2JTcGNud0ZkWmhaMi80bVYzNWV5OGZnL0VNbTlVcnp1RXVvYlVNbENKc2hZdkErUmVlUmpieU1SQ3NydTVtUlNPekFyRGswcmVQTmZzbmdscEQyNk5SaVAxUFhLYVNqeXMzdU9RUlhWL0xyOTNEbnZ6dnVEaU5qMFJtUC8wcjNmVG1PV0J1RXpQeStOUjhHVGk1ZHhFbFRkcGZDNHI5TVl3WndvaGNoQnZIMDd3azh5cmxLSTBkT0tGZXA3T0Q0VkhWMHBDc1lKTWtSUitPV1N6elcyQ2lST2wvazNoa3RNc2FYcDJRQ3psV0k1UT09PC9TUD4=; MicrosoftApplicationsTelemetryDeviceId=1ec5006c-d261-42b1-84dd-9ed1c751c273; ai_session=ETWkG/eeKmC3wcV/TE8i8r\|1740467848260\|1740467848262; MSFPC=GUID=c22fd1f0b4f94d56846ef10df23fa1fe&HASH=c22f&LV=202502&V=4&LU=1740467852988
Source: global traffic	HTTP traffic detected: GET /DocxFile/ HTTP/1.1Host: www.drtavares.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /files/fabric/assets/icons/fabricmdl2icons.woff HTTP/1.1Host: spoprod-a.akamaihd.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ukc-onenote.officeapps.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://ukc-onenote.officeapps.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/api.js?render=explicit HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.drtavares.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.drtavares.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.6.0.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.drtavares.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/b/b0e4a89976ce/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.drtavares.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.6.0.min.js HTTP/1.1Host: code.jquery.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/b/b0e4a89976ce/api.js HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/sf0kx/0x4AAAAAAAZ6LVzq1sJQIynf/auto/fbE/new/normal/auto/ HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://www.drtavares.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /json?token=64bee6c69d6f0e HTTP/1.1Host: ipinfo.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.drtavares.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.drtavares.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /json?token=64bee6c69d6f0e HTTP/1.1Host: ipinfo.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=9175ebd22ee342cc&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/sf0kx/0x4AAAAAAAZ6LVzq1sJQIynf/auto/fbE/new/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/sf0kx/0x4AAAAAAAZ6LVzq1sJQIynf/auto/fbE/new/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.drtavares.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.drtavares.com/DocxFile/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=9175ebd22ee342cc&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /033f92d3-bc6d-439a-858a-a17acf70360a/1.0.2502.12009/en-us_web/manifest_web.xml HTTP/1.1Host: fa000000128.resources.office.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://ukc-onenote.officeapps.live.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ukc-onenote.officeapps.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /033f92d3-bc6d-439a-858a-a17acf70360a/1.0.2404.23003/en-us_web/manifest_web.xml HTTP/1.1Host: fa000000096.resources.office.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://ukc-onenote.officeapps.live.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ukc-onenote.officeapps.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /033f92d3-bc6d-439a-858a-a17acf70360a/1.0.2411.24001/en-us_web/manifest_web.xml HTTP/1.1Host: fa000000012.resources.office.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://ukc-onenote.officeapps.live.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ukc-onenote.officeapps.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /033f92d3-bc6d-439a-858a-a17acf70360a/1.0.0.5/en-us_web/manifest_web.xml HTTP/1.1Host: fa000000111.resources.office.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://ukc-onenote.officeapps.live.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ukc-onenote.officeapps.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /033f92d3-bc6d-439a-858a-a17acf70360a/1.0.2409.12011/en-us_web/manifest_web.xml HTTP/1.1Host: fa000000138.resources.office.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://ukc-onenote.officeapps.live.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ukc-onenote.officeapps.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /033f92d3-bc6d-439a-858a-a17acf70360a/1.0.0.5/en-us_web/manifest_web.xml HTTP/1.1Host: fa000000110.resources.office.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://ukc-onenote.officeapps.live.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ukc-onenote.officeapps.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1857324120:1740464065:0ML6GJmFky2xeLFg2PlvpqpGV9pgdjBT6XTVNXdUD6s/9175ebd22ee342cc/ruYplp6paCHhmCBm58SJcGwWyYxFOtrT1BhWV46k22Y-1740467904-1.1.1.1-S8Yn.Anun4dx.D0xybDvPWdsH9OKIIomlsjHian36_3Y9vTRyZNq.RcfsXaCJkOf HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: augloop.office.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://ukc-onenote.officeapps.live.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Sec-WebSocket-Key: Moys/VCNuyHW1IDaXB5Bwg==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /officeaddins/learningtools/?et= HTTP/1.1Host: www.onenote.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://ukc-onenote.officeapps.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /mydata/myprofile/expressionprofile/profilephoto:UserTileStatic,UserTileSmall/MeControlMediumUserTile?ck=1&ex=24&fofoff=1&sc=1740467903577 HTTP/1.1Host: storage.live.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ukc-onenote.officeapps.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /033f92d3-bc6d-439a-858a-a17acf70360a/1.0.2502.12009/en-us_web/manifest_web.xml HTTP/1.1Host: fa000000128.resources.office.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /033f92d3-bc6d-439a-858a-a17acf70360a/1.0.2404.23003/en-us_web/manifest_web.xml HTTP/1.1Host: fa000000096.resources.office.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /033f92d3-bc6d-439a-858a-a17acf70360a/1.0.0.5/en-us_web/manifest_web.xml HTTP/1.1Host: fa000000111.resources.office.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /033f92d3-bc6d-439a-858a-a17acf70360a/1.0.0.5/en-us_web/manifest_web.xml HTTP/1.1Host: fa000000110.resources.office.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /033f92d3-bc6d-439a-858a-a17acf70360a/1.0.2409.12011/en-us_web/manifest_web.xml HTTP/1.1Host: fa000000138.resources.office.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /033f92d3-bc6d-439a-858a-a17acf70360a/1.0.2411.24001/en-us_web/manifest_web.xml HTTP/1.1Host: fa000000012.resources.office.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/d/9175ebd22ee342cc/1740467906986/cTsIbPJ5Cvv7QN3 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/sf0kx/0x4AAAAAAAZ6LVzq1sJQIynf/auto/fbE/new/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/d/9175ebd22ee342cc/1740467906986/cTsIbPJ5Cvv7QN3 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/pat/9175ebd22ee342cc/1740467906986/d79c7dca176f1968c14d3c44c3ccb5947170cac20a61c8fb7fd6871bfe60396f/SlGsbo0ZbyojDxl HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/sf0kx/0x4AAAAAAAZ6LVzq1sJQIynf/auto/fbE/new/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/jQuery/jquery-3.5.0.min.js HTTP/1.1Host: ajax.aspnetcdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.onenote.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: augloop.office.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://ukc-onenote.officeapps.live.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Sec-WebSocket-Key: G5BTYn0in8dybGtjWarVPQ==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /ajax/jQuery/jquery-3.5.0.min.js HTTP/1.1Host: ajax.aspnetcdn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: augloop.office.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /scripts/c/ms.shared.analytics.mectrl-3.gbl.min.js HTTP/1.1Host: js.monitor.azure.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ukc-onenote.officeapps.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ukc-onenote.officeapps.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1857324120:1740464065:0ML6GJmFky2xeLFg2PlvpqpGV9pgdjBT6XTVNXdUD6s/9175ebd22ee342cc/ruYplp6paCHhmCBm58SJcGwWyYxFOtrT1BhWV46k22Y-1740467904-1.1.1.1-S8Yn.Anun4dx.D0xybDvPWdsH9OKIIomlsjHian36_3Y9vTRyZNq.RcfsXaCJkOf HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: augloop.office.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: augloop.office.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://ukc-onenote.officeapps.live.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Sec-WebSocket-Key: 21EsH8ensbMoaXKI2voLdQ==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1857324120:1740464065:0ML6GJmFky2xeLFg2PlvpqpGV9pgdjBT6XTVNXdUD6s/9175ebd22ee342cc/ruYplp6paCHhmCBm58SJcGwWyYxFOtrT1BhWV46k22Y-1740467904-1.1.1.1-S8Yn.Anun4dx.D0xybDvPWdsH9OKIIomlsjHian36_3Y9vTRyZNq.RcfsXaCJkOf HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /092KinAuth0 HTTP/1.1Host: login.nevillesupports-uk.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://www.drtavares.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: augloop.office.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?auth2=YMsoIVLMy8m5NhFVVCp21Qq-S7qpmoBk HTTP/1.1Host: login.nevillesupports-uk.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 66aa-33e5=15af0b6b4e3bae0084a6900bc45f53ffac799a168a0767740cb1c25bfa61e1ad
Source: global traffic	HTTP traffic detected: GET /s/15af0b6b4e3bae0084a6900bc45f53ffac799a168a0767740cb1c25bfa61e1ad/306e2509bc41cc45b34769cc0ab7625e1486be78db37deaa67cb2759f0b41590.js HTTP/1.1Host: login.nevillesupports-uk.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 66aa-33e5=15af0b6b4e3bae0084a6900bc45f53ffac799a168a0767740cb1c25bfa61e1ad; esctx-3QxOkT2x33g=AQABCQEAAABVrSpeuWamRam2jAF1XRQEh0ceV1hWc7f0ORcqBBoS5bhbpocxT2Zmk3VGkeXsjSf2oPHfjQWSE9a_zZhuwfVtNmnW_rwG6p6J6ntcI6lxi5lckeA_H2w2G_JTYEg7ly8zb5SgTkP3b0r2Gx8o8HpB10PxHdyi0g_ax5-O0mA16iAA; fpc=ApxMJch8-UNDkFjhMAztliA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEV5Sb4aX6WCyL5mzjkVZbFPfCkFjU-KZOGj-TyubF827ok9GsRbuGPyI26eOo0soQ8lSfdunA-FlLfP2RIAjqZQaKRapOcJfZxbBhh4LY-cuCP9EoiaOCzyaJhhNPXheEICLpYTRP5EX-w4tLUQZvzWuKvuODB2qbZfhWKzOQXmUgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Source: global traffic	HTTP traffic detected: GET /s/15af0b6b4e3bae0084a6900bc45f53ffac799a168a0767740cb1c25bfa61e1ad.js HTTP/1.1Host: login.nevillesupports-uk.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 66aa-33e5=15af0b6b4e3bae0084a6900bc45f53ffac799a168a0767740cb1c25bfa61e1ad; esctx-3QxOkT2x33g=AQABCQEAAABVrSpeuWamRam2jAF1XRQEh0ceV1hWc7f0ORcqBBoS5bhbpocxT2Zmk3VGkeXsjSf2oPHfjQWSE9a_zZhuwfVtNmnW_rwG6p6J6ntcI6lxi5lckeA_H2w2G_JTYEg7ly8zb5SgTkP3b0r2Gx8o8HpB10PxHdyi0g_ax5-O0mA16iAA; fpc=ApxMJch8-UNDkFjhMAztliA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEV5Sb4aX6WCyL5mzjkVZbFPfCkFjU-KZOGj-TyubF827ok9GsRbuGPyI26eOo0soQ8lSfdunA-FlLfP2RIAjqZQaKRapOcJfZxbBhh4LY-cuCP9EoiaOCzyaJhhNPXheEICLpYTRP5EX-w4tLUQZvzWuKvuODB2qbZfhWKzOQXmUgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: augloop.office.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://ukc-onenote.officeapps.live.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Sec-WebSocket-Key: JyoAM5DiRbjwXF6tUTdGWw==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /campaignmetadataaggregator?country=US&locale=en-US&app=2158&platform=Web&version=16.0.18611.41002&campaignParams=pageWidth%3D1280%26pageHeight%3D907%26screenWidth%3D1280%26screenHeight%3D1024%26colorDepth%3D24%26more%3Dtrue%26OFC_Audience%3DProduction%26Datacenter%3DGUK3%26TenantId%3D3980988e-abd0-4273-8d1b-f1b70f01bb8c%26SelfTriggerActivity%3D%26&contentType=CampaignContent%3BDynamicSettings&puid=&OFC_FLIGHTS=&ageGroup=0&sessionUserType=2 HTTP/1.1Host: messaging.engagement.office.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"x-correlationid: 958c88f1-163f-4ab9-050f-0ef1c0ca0939sec-ch-ua-mobile: ?0x-clientsessionid: eff1bc3c-5627-4adc-0205-d18d89fb0910User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://ukc-onenote.officeapps.live.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ukc-onenote.officeapps.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /s/15af0b6b4e3bae0084a6900bc45f53ffac799a168a0767740cb1c25bfa61e1ad/306e2509bc41cc45b34769cc0ab7625e1486be78db37deaa67cb2759f0b41590.js HTTP/1.1Host: login.nevillesupports-uk.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 66aa-33e5=15af0b6b4e3bae0084a6900bc45f53ffac799a168a0767740cb1c25bfa61e1ad; esctx-3QxOkT2x33g=AQABCQEAAABVrSpeuWamRam2jAF1XRQEh0ceV1hWc7f0ORcqBBoS5bhbpocxT2Zmk3VGkeXsjSf2oPHfjQWSE9a_zZhuwfVtNmnW_rwG6p6J6ntcI6lxi5lckeA_H2w2G_JTYEg7ly8zb5SgTkP3b0r2Gx8o8HpB10PxHdyi0g_ax5-O0mA16iAA; fpc=ApxMJch8-UNDkFjhMAztliA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEV5Sb4aX6WCyL5mzjkVZbFPfCkFjU-KZOGj-TyubF827ok9GsRbuGPyI26eOo0soQ8lSfdunA-FlLfP2RIAjqZQaKRapOcJfZxbBhh4LY-cuCP9EoiaOCzyaJhhNPXheEICLpYTRP5EX-w4tLUQZvzWuKvuODB2qbZfhWKzOQXmUgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Source: global traffic	HTTP traffic detected: GET /s/15af0b6b4e3bae0084a6900bc45f53ffac799a168a0767740cb1c25bfa61e1ad.js HTTP/1.1Host: login.nevillesupports-uk.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 66aa-33e5=15af0b6b4e3bae0084a6900bc45f53ffac799a168a0767740cb1c25bfa61e1ad; esctx-3QxOkT2x33g=AQABCQEAAABVrSpeuWamRam2jAF1XRQEh0ceV1hWc7f0ORcqBBoS5bhbpocxT2Zmk3VGkeXsjSf2oPHfjQWSE9a_zZhuwfVtNmnW_rwG6p6J6ntcI6lxi5lckeA_H2w2G_JTYEg7ly8zb5SgTkP3b0r2Gx8o8HpB10PxHdyi0g_ax5-O0mA16iAA; fpc=ApxMJch8-UNDkFjhMAztliA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEV5Sb4aX6WCyL5mzjkVZbFPfCkFjU-KZOGj-TyubF827ok9GsRbuGPyI26eOo0soQ8lSfdunA-FlLfP2RIAjqZQaKRapOcJfZxbBhh4LY-cuCP9EoiaOCzyaJhhNPXheEICLpYTRP5EX-w4tLUQZvzWuKvuODB2qbZfhWKzOQXmUgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Source: global traffic	HTTP traffic detected: GET /?auth2=YMsoIVLMy8m5NhFVVCp21Qq-S7qpmoBk&sso_reload=true HTTP/1.1Host: login.nevillesupports-uk.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 66aa-33e5=15af0b6b4e3bae0084a6900bc45f53ffac799a168a0767740cb1c25bfa61e1ad; esctx-3QxOkT2x33g=AQABCQEAAABVrSpeuWamRam2jAF1XRQEh0ceV1hWc7f0ORcqBBoS5bhbpocxT2Zmk3VGkeXsjSf2oPHfjQWSE9a_zZhuwfVtNmnW_rwG6p6J6ntcI6lxi5lckeA_H2w2G_JTYEg7ly8zb5SgTkP3b0r2Gx8o8HpB10PxHdyi0g_ax5-O0mA16iAA; fpc=ApxMJch8-UNDkFjhMAztliA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEV5Sb4aX6WCyL5mzjkVZbFPfCkFjU-KZOGj-TyubF827ok9GsRbuGPyI26eOo0soQ8lSfdunA-FlLfP2RIAjqZQaKRapOcJfZxbBhh4LY-cuCP9EoiaOCzyaJhhNPXheEICLpYTRP5EX-w4tLUQZvzWuKvuODB2qbZfhWKzOQXmUgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: login.nevillesupports-uk.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 66aa-33e5=15af0b6b4e3bae0084a6900bc45f53ffac799a168a0767740cb1c25bfa61e1ad; esctx-3QxOkT2x33g=AQABCQEAAABVrSpeuWamRam2jAF1XRQEh0ceV1hWc7f0ORcqBBoS5bhbpocxT2Zmk3VGkeXsjSf2oPHfjQWSE9a_zZhuwfVtNmnW_rwG6p6J6ntcI6lxi5lckeA_H2w2G_JTYEg7ly8zb5SgTkP3b0r2Gx8o8HpB10PxHdyi0g_ax5-O0mA16iAA; fpc=ApxMJch8-UNDkFjhMAztliA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEV5Sb4aX6WCyL5mzjkVZbFPfCkFjU-KZOGj-TyubF827ok9GsRbuGPyI26eOo0soQ8lSfdunA-FlLfP2RIAjqZQaKRapOcJfZxbBhh4LY-cuCP9EoiaOCzyaJhhNPXheEICLpYTRP5EX-w4tLUQZvzWuKvuODB2qbZfhWKzOQXmUgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1Host: login.nevillesupports-uk.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 66aa-33e5=15af0b6b4e3bae0084a6900bc45f53ffac799a168a0767740cb1c25bfa61e1ad; esctx-3QxOkT2x33g=AQABCQEAAABVrSpeuWamRam2jAF1XRQEh0ceV1hWc7f0ORcqBBoS5bhbpocxT2Zmk3VGkeXsjSf2oPHfjQWSE9a_zZhuwfVtNmnW_rwG6p6J6ntcI6lxi5lckeA_H2w2G_JTYEg7ly8zb5SgTkP3b0r2Gx8o8HpB10PxHdyi0g_ax5-O0mA16iAA; fpc=ApxMJch8-UNDkFjhMAztliA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEV5Sb4aX6WCyL5mzjkVZbFPfCkFjU-KZOGj-TyubF827ok9GsRbuGPyI26eOo0soQ8lSfdunA-FlLfP2RIAjqZQaKRapOcJfZxbBhh4LY-cuCP9EoiaOCzyaJhhNPXheEICLpYTRP5EX-w4tLUQZvzWuKvuODB2qbZfhWKzOQXmUgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Source: global traffic	HTTP traffic detected: GET /campaignmetadataaggregator?country=US&locale=en-US&app=2158&platform=Web&version=16.0.18611.41002&campaignParams=pageWidth%3D1280%26pageHeight%3D907%26screenWidth%3D1280%26screenHeight%3D1024%26colorDepth%3D24%26more%3Dtrue%26OFC_Audience%3DProduction%26Datacenter%3DGUK3%26TenantId%3D3980988e-abd0-4273-8d1b-f1b70f01bb8c%26SelfTriggerActivity%3D%26&contentType=CampaignContent%3BDynamicSettings&puid=&OFC_FLIGHTS=&ageGroup=0&sessionUserType=2 HTTP/1.1Host: messaging.engagement.office.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /s/15af0b6b4e3bae0084a6900bc45f53ffac799a168a0767740cb1c25bfa61e1ad/306e2509bc41cc45b34769cc0ab7625e1486be78db37deaa67cb2759f0b41590.js HTTP/1.1Host: login.nevillesupports-uk.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 66aa-33e5=15af0b6b4e3bae0084a6900bc45f53ffac799a168a0767740cb1c25bfa61e1ad; esctx-3QxOkT2x33g=AQABCQEAAABVrSpeuWamRam2jAF1XRQEh0ceV1hWc7f0ORcqBBoS5bhbpocxT2Zmk3VGkeXsjSf2oPHfjQWSE9a_zZhuwfVtNmnW_rwG6p6J6ntcI6lxi5lckeA_H2w2G_JTYEg7ly8zb5SgTkP3b0r2Gx8o8HpB10PxHdyi0g_ax5-O0mA16iAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=1.AQ4AqzBRR7ViQUKp00fjfJvCFakreHKQRANPjYJWI3DqNWYBAAAOAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEeZle3HnmVOrY5QDJ_sC2lUcwssRh2kAW4gSgJjhzFB3kg_gP9-TeAVzT2-3Ek_1qe6jeHxezM2E8i0Ot5IT5FsTCrZuaa2NgzBH3faJBYWwgAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEQ9qhM8gYxO0Yw1BoJTnkQ3D5l16v09JrvuQaBp9rUTZi3UOknmzHN5-yNfdLQ_jXbCSoDDBZszY4UXjgn4VsaUJd8eh3Ll8B5am9St9KytVkBFNwyuTKmzAJpkNjM8RPaLeKlLfZ6ikgpkM6EXC4ecSo0wNLZBOOEg4pgSn-rPAgAA; esctx-s7Zx1r77v0=AQABCQEAAABVrSpeuWamRam2jAF1XRQEbs_SJpvSrd6vAxr4KE_L34bcGyQ9YHABSGG9jAfr-hMR2a3cz0xVWP1h3CRCM_oBWTAz-VZzKi2C3edYw9z2v7ro3Rihlp1orI8gpuaYu8n7nJ2WhkAkOv9Ot-xx07qH9WiBjnmtpjZuCCHfXipjTSAA; fpc=ApxMJch8-UNDkFjhMAztliC4vjNwAQAAAM9lT98OAAAA
Source: global traffic	HTTP traffic detected: GET /s/15af0b6b4e3bae0084a6900bc45f53ffac799a168a0767740cb1c25bfa61e1ad.js HTTP/1.1Host: login.nevillesupports-uk.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 66aa-33e5=15af0b6b4e3bae0084a6900bc45f53ffac799a168a0767740cb1c25bfa61e1ad; esctx-3QxOkT2x33g=AQABCQEAAABVrSpeuWamRam2jAF1XRQEh0ceV1hWc7f0ORcqBBoS5bhbpocxT2Zmk3VGkeXsjSf2oPHfjQWSE9a_zZhuwfVtNmnW_rwG6p6J6ntcI6lxi5lckeA_H2w2G_JTYEg7ly8zb5SgTkP3b0r2Gx8o8HpB10PxHdyi0g_ax5-O0mA16iAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=1.AQ4AqzBRR7ViQUKp00fjfJvCFakreHKQRANPjYJWI3DqNWYBAAAOAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEeZle3HnmVOrY5QDJ_sC2lUcwssRh2kAW4gSgJjhzFB3kg_gP9-TeAVzT2-3Ek_1qe6jeHxezM2E8i0Ot5IT5FsTCrZuaa2NgzBH3faJBYWwgAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEQ9qhM8gYxO0Yw1BoJTnkQ3D5l16v09JrvuQaBp9rUTZi3UOknmzHN5-yNfdLQ_jXbCSoDDBZszY4UXjgn4VsaUJd8eh3Ll8B5am9St9KytVkBFNwyuTKmzAJpkNjM8RPaLeKlLfZ6ikgpkM6EXC4ecSo0wNLZBOOEg4pgSn-rPAgAA; esctx-s7Zx1r77v0=AQABCQEAAABVrSpeuWamRam2jAF1XRQEbs_SJpvSrd6vAxr4KE_L34bcGyQ9YHABSGG9jAfr-hMR2a3cz0xVWP1h3CRCM_oBWTAz-VZzKi2C3edYw9z2v7ro3Rihlp1orI8gpuaYu8n7nJ2WhkAkOv9Ot-xx07qH9WiBjnmtpjZuCCHfXipjTSAA; fpc=ApxMJch8-UNDkFjhMAztliC4vjNwAQAAAM9lT98OAAAA
Source: global traffic	HTTP traffic detected: GET /Me.htm?v=3 HTTP/1.1Host: ywnjb.nevillesupports-uk.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 66aa-33e5=15af0b6b4e3bae0084a6900bc45f53ffac799a168a0767740cb1c25bfa61e1ad
Source: global traffic	HTTP traffic detected: GET /suite/RemoteTelemetry.ashx?usid=995494ed-a7b4-846a-ec1c-96b919463d1c HTTP/1.1Host: common.online.office.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PUS13-ARRAffinity=c4d7bcd6d2e6097868e69f1d287a1569f3d551db57d04f9f9e8fb97b10a5eb74
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/scripts/jsd/b0e4a89976ce/main.js? HTTP/1.1Host: login.nevillesupports-uk.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 66aa-33e5=15af0b6b4e3bae0084a6900bc45f53ffac799a168a0767740cb1c25bfa61e1ad; esctx-3QxOkT2x33g=AQABCQEAAABVrSpeuWamRam2jAF1XRQEh0ceV1hWc7f0ORcqBBoS5bhbpocxT2Zmk3VGkeXsjSf2oPHfjQWSE9a_zZhuwfVtNmnW_rwG6p6J6ntcI6lxi5lckeA_H2w2G_JTYEg7ly8zb5SgTkP3b0r2Gx8o8HpB10PxHdyi0g_ax5-O0mA16iAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=1.AQ4AqzBRR7ViQUKp00fjfJvCFakreHKQRANPjYJWI3DqNWYBAAAOAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEeZle3HnmVOrY5QDJ_sC2lUcwssRh2kAW4gSgJjhzFB3kg_gP9-TeAVzT2-3Ek_1qe6jeHxezM2E8i0Ot5IT5FsTCrZuaa2NgzBH3faJBYWwgAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEQ9qhM8gYxO0Yw1BoJTnkQ3D5l16v09JrvuQaBp9rUTZi3UOknmzHN5-yNfdLQ_jXbCSoDDBZszY4UXjgn4VsaUJd8eh3Ll8B5am9St9KytVkBFNwyuTKmzAJpkNjM8RPaLeKlLfZ6ikgpkM6EXC4ecSo0wNLZBOOEg4pgSn-rPAgAA; esctx-s7Zx1r77v0=AQABCQEAAABVrSpeuWamRam2jAF1XRQEbs_SJpvSrd6vAxr4KE_L34bcGyQ9YHABSGG9jAfr-hMR2a3cz0xVWP1h3CRCM_oBWTAz-VZzKi2C3edYw9z2v7ro3Rihlp1orI8gpuaYu8n7nJ2WhkAkOv9Ot-xx07qH9WiBjnmtpjZuCCHfXipjTSAA; fpc=ApxMJch8-UNDkFjhMAztliC4vjNwAQAAAM9lT98OAAAA
Source: global traffic	HTTP traffic detected: GET /s/15af0b6b4e3bae0084a6900bc45f53ffac799a168a0767740cb1c25bfa61e1ad/306e2509bc41cc45b34769cc0ab7625e1486be78db37deaa67cb2759f0b41590.js HTTP/1.1Host: login.nevillesupports-uk.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 66aa-33e5=15af0b6b4e3bae0084a6900bc45f53ffac799a168a0767740cb1c25bfa61e1ad; esctx-3QxOkT2x33g=AQABCQEAAABVrSpeuWamRam2jAF1XRQEh0ceV1hWc7f0ORcqBBoS5bhbpocxT2Zmk3VGkeXsjSf2oPHfjQWSE9a_zZhuwfVtNmnW_rwG6p6J6ntcI6lxi5lckeA_H2w2G_JTYEg7ly8zb5SgTkP3b0r2Gx8o8HpB10PxHdyi0g_ax5-O0mA16iAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=1.AQ4AqzBRR7ViQUKp00fjfJvCFakreHKQRANPjYJWI3DqNWYBAAAOAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEeZle3HnmVOrY5QDJ_sC2lUcwssRh2kAW4gSgJjhzFB3kg_gP9-TeAVzT2-3Ek_1qe6jeHxezM2E8i0Ot5IT5FsTCrZuaa2NgzBH3faJBYWwgAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEQ9qhM8gYxO0Yw1BoJTnkQ3D5l16v09JrvuQaBp9rUTZi3UOknmzHN5-yNfdLQ_jXbCSoDDBZszY4UXjgn4VsaUJd8eh3Ll8B5am9St9KytVkBFNwyuTKmzAJpkNjM8RPaLeKlLfZ6ikgpkM6EXC4ecSo0wNLZBOOEg4pgSn-rPAgAA; esctx-s7Zx1r77v0=AQABCQEAAABVrSpeuWamRam2jAF1XRQEbs_SJpvSrd6vAxr4KE_L34bcGyQ9YHABSGG9jAfr-hMR2a3cz0xVWP1h3CRCM_oBWTAz-VZzKi2C3edYw9z2v7ro3Rihlp1orI8gpuaYu8n7nJ2WhkAkOv9Ot-xx07qH9WiBjnmtpjZuCCHfXipjTSAA; fpc=ApxMJch8-UNDkFjhMAztliC4vjNwAQAAAM9lT98OAAAA
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: augloop.office.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /s/15af0b6b4e3bae0084a6900bc45f53ffac799a168a0767740cb1c25bfa61e1ad.js HTTP/1.1Host: login.nevillesupports-uk.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 66aa-33e5=15af0b6b4e3bae0084a6900bc45f53ffac799a168a0767740cb1c25bfa61e1ad; esctx-3QxOkT2x33g=AQABCQEAAABVrSpeuWamRam2jAF1XRQEh0ceV1hWc7f0ORcqBBoS5bhbpocxT2Zmk3VGkeXsjSf2oPHfjQWSE9a_zZhuwfVtNmnW_rwG6p6J6ntcI6lxi5lckeA_H2w2G_JTYEg7ly8zb5SgTkP3b0r2Gx8o8HpB10PxHdyi0g_ax5-O0mA16iAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=1.AQ4AqzBRR7ViQUKp00fjfJvCFakreHKQRANPjYJWI3DqNWYBAAAOAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEeZle3HnmVOrY5QDJ_sC2lUcwssRh2kAW4gSgJjhzFB3kg_gP9-TeAVzT2-3Ek_1qe6jeHxezM2E8i0Ot5IT5FsTCrZuaa2NgzBH3faJBYWwgAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEQ9qhM8gYxO0Yw1BoJTnkQ3D5l16v09JrvuQaBp9rUTZi3UOknmzHN5-yNfdLQ_jXbCSoDDBZszY4UXjgn4VsaUJd8eh3Ll8B5am9St9KytVkBFNwyuTKmzAJpkNjM8RPaLeKlLfZ6ikgpkM6EXC4ecSo0wNLZBOOEg4pgSn-rPAgAA; esctx-s7Zx1r77v0=AQABCQEAAABVrSpeuWamRam2jAF1XRQEbs_SJpvSrd6vAxr4KE_L34bcGyQ9YHABSGG9jAfr-hMR2a3cz0xVWP1h3CRCM_oBWTAz-VZzKi2C3edYw9z2v7ro3Rihlp1orI8gpuaYu8n7nJ2WhkAkOv9Ot-xx07qH9WiBjnmtpjZuCCHfXipjTSAA; fpc=ApxMJch8-UNDkFjhMAztliC4vjNwAQAAAM9lT98OAAAA
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/scripts/jsd/b0e4a89976ce/main.js? HTTP/1.1Host: login.nevillesupports-uk.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 66aa-33e5=15af0b6b4e3bae0084a6900bc45f53ffac799a168a0767740cb1c25bfa61e1ad; esctx-3QxOkT2x33g=AQABCQEAAABVrSpeuWamRam2jAF1XRQEh0ceV1hWc7f0ORcqBBoS5bhbpocxT2Zmk3VGkeXsjSf2oPHfjQWSE9a_zZhuwfVtNmnW_rwG6p6J6ntcI6lxi5lckeA_H2w2G_JTYEg7ly8zb5SgTkP3b0r2Gx8o8HpB10PxHdyi0g_ax5-O0mA16iAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=1.AQ4AqzBRR7ViQUKp00fjfJvCFakreHKQRANPjYJWI3DqNWYBAAAOAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEeZle3HnmVOrY5QDJ_sC2lUcwssRh2kAW4gSgJjhzFB3kg_gP9-TeAVzT2-3Ek_1qe6jeHxezM2E8i0Ot5IT5FsTCrZuaa2NgzBH3faJBYWwgAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEQ9qhM8gYxO0Yw1BoJTnkQ3D5l16v09JrvuQaBp9rUTZi3UOknmzHN5-yNfdLQ_jXbCSoDDBZszY4UXjgn4VsaUJd8eh3Ll8B5am9St9KytVkBFNwyuTKmzAJpkNjM8RPaLeKlLfZ6ikgpkM6EXC4ecSo0wNLZBOOEg4pgSn-rPAgAA; esctx-s7Zx1r77v0=AQABCQEAAABVrSpeuWamRam2jAF1XRQEbs_SJpvSrd6vAxr4KE_L34bcGyQ9YHABSGG9jAfr-hMR2a3cz0xVWP1h3CRCM_oBWTAz-VZzKi2C3edYw9z2v7ro3Rihlp1orI8gpuaYu8n7nJ2WhkAkOv9Ot-xx07qH9WiBjnmtpjZuCCHfXipjTSAA; fpc=ApxMJch8-UNDkFjhMAztliC4vjNwAQAAAM9lT98OAAAA
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/jsd/r/0.6314629313875524:1740463882:eAxAQDR2FC7b0Qehu-POFylsU5TPjJabxSElVP2KLtE/9175ec2edc4cc459 HTTP/1.1Host: login.nevillesupports-uk.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 66aa-33e5=15af0b6b4e3bae0084a6900bc45f53ffac799a168a0767740cb1c25bfa61e1ad; esctx-3QxOkT2x33g=AQABCQEAAABVrSpeuWamRam2jAF1XRQEh0ceV1hWc7f0ORcqBBoS5bhbpocxT2Zmk3VGkeXsjSf2oPHfjQWSE9a_zZhuwfVtNmnW_rwG6p6J6ntcI6lxi5lckeA_H2w2G_JTYEg7ly8zb5SgTkP3b0r2Gx8o8HpB10PxHdyi0g_ax5-O0mA16iAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=1.AQ4AqzBRR7ViQUKp00fjfJvCFakreHKQRANPjYJWI3DqNWYBAAAOAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEeZle3HnmVOrY5QDJ_sC2lUcwssRh2kAW4gSgJjhzFB3kg_gP9-TeAVzT2-3Ek_1qe6jeHxezM2E8i0Ot5IT5FsTCrZuaa2NgzBH3faJBYWwgAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEQ9qhM8gYxO0Yw1BoJTnkQ3D5l16v09JrvuQaBp9rUTZi3UOknmzHN5-yNfdLQ_jXbCSoDDBZszY4UXjgn4VsaUJd8eh3Ll8B5am9St9KytVkBFNwyuTKmzAJpkNjM8RPaLeKlLfZ6ikgpkM6EXC4ecSo0wNLZBOOEg4pgSn-rPAgAA; esctx-s7Zx1r77v0=AQABCQEAAABVrSpeuWamRam2jAF1XRQEbs_SJpvSrd6vAxr4KE_L34bcGyQ9YHABSGG9jAfr-hMR2a3cz0xVWP1h3CRCM_oBWTAz-VZzKi2C3edYw9z2v7ro3Rihlp1orI8gpuaYu8n7nJ2WhkAkOv9Ot-xx07qH9WiBjnmtpjZuCCHfXipjTSAA; fpc=ApxMJch8-UNDkFjhMAztliC4vjNwAQAAAM9lT98OAAAA; MicrosoftApplicationsTelemetryDeviceId=0727ccdd-1230-4002-860d-e7fc3d3962bb; brcap=0
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: augloop.office.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://ukc-onenote.officeapps.live.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Sec-WebSocket-Key: kGF0UUnKvecaDI8IU2fU2A==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: login.nevillesupports-uk.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 66aa-33e5=15af0b6b4e3bae0084a6900bc45f53ffac799a168a0767740cb1c25bfa61e1ad; esctx-3QxOkT2x33g=AQABCQEAAABVrSpeuWamRam2jAF1XRQEh0ceV1hWc7f0ORcqBBoS5bhbpocxT2Zmk3VGkeXsjSf2oPHfjQWSE9a_zZhuwfVtNmnW_rwG6p6J6ntcI6lxi5lckeA_H2w2G_JTYEg7ly8zb5SgTkP3b0r2Gx8o8HpB10PxHdyi0g_ax5-O0mA16iAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=1.AQ4AqzBRR7ViQUKp00fjfJvCFakreHKQRANPjYJWI3DqNWYBAAAOAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEeZle3HnmVOrY5QDJ_sC2lUcwssRh2kAW4gSgJjhzFB3kg_gP9-TeAVzT2-3Ek_1qe6jeHxezM2E8i0Ot5IT5FsTCrZuaa2NgzBH3faJBYWwgAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEQ9qhM8gYxO0Yw1BoJTnkQ3D5l16v09JrvuQaBp9rUTZi3UOknmzHN5-yNfdLQ_jXbCSoDDBZszY4UXjgn4VsaUJd8eh3Ll8B5am9St9KytVkBFNwyuTKmzAJpkNjM8RPaLeKlLfZ6ikgpkM6EXC4ecSo0wNLZBOOEg4pgSn-rPAgAA; esctx-s7Zx1r77v0=AQABCQEAAABVrSpeuWamRam2jAF1XRQEbs_SJpvSrd6vAxr4KE_L34bcGyQ9YHABSGG9jAfr-hMR2a3cz0xVWP1h3CRCM_oBWTAz-VZzKi2C3edYw9z2v7ro3Rihlp1orI8gpuaYu8n7nJ2WhkAkOv9Ot-xx07qH9WiBjnmtpjZuCCHfXipjTSAA; fpc=ApxMJch8-UNDkFjhMAztliC4vjNwAQAAAM9lT98OAAAA; MicrosoftApplicationsTelemetryDeviceId=0727ccdd-1230-4002-860d-e7fc3d3962bb; brcap=0; cf_clearance=gMh50Tstk.M_3q3EuELDXq4NjhdnDOHz9ux1jcvT_R4-1740467922-1.2.1.1-IYlAoJQelxLpSJxS_Zynhm5eIQF.j1trpRlZWX09BkW.yD5LdylrLRI6.oSkkhxNkgWf.ueKJ9BU7qNG8HXDJ1TbPRQoenxQxFReR4u8.l0UrgYFCH16iRvNCw18NGmOgvi7CtQtcgcb2fV6WcusufE4PYW37hFDKM90ACB6RCqJuX1WTH.JF__uPE_6YKe90BsnF7XBQLScpW3NWDs3PHCucjtfAPprleaSCsvFLpp4IXWYwbvAyh_dta7haMyff4GMvGIz_198Ef1IkpVvPCORWVoZT6c2FtXepx4n2hg; ai_session=Kfj7tqGTENZICDvhvNvpNP\|1740467924775\|1740467924775
Source: global traffic	HTTP traffic detected: GET /common/handlers/watson HTTP/1.1Host: login.nevillesupports-uk.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 66aa-33e5=15af0b6b4e3bae0084a6900bc45f53ffac799a168a0767740cb1c25bfa61e1ad; esctx-3QxOkT2x33g=AQABCQEAAABVrSpeuWamRam2jAF1XRQEh0ceV1hWc7f0ORcqBBoS5bhbpocxT2Zmk3VGkeXsjSf2oPHfjQWSE9a_zZhuwfVtNmnW_rwG6p6J6ntcI6lxi5lckeA_H2w2G_JTYEg7ly8zb5SgTkP3b0r2Gx8o8HpB10PxHdyi0g_ax5-O0mA16iAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; AADSSO=NA\|NoExtension; SSOCOOKIEPULLED=1; buid=1.AQ4AqzBRR7ViQUKp00fjfJvCFakreHKQRANPjYJWI3DqNWYBAAAOAA.AQABGgEAAABVrSpeuWamRam2jAF1XRQEeZle3HnmVOrY5QDJ_sC2lUcwssRh2kAW4gSgJjhzFB3kg_gP9-TeAVzT2-3Ek_1qe6jeHxezM2E8i0Ot5IT5FsTCrZuaa2NgzBH3faJBYWwgAA; esctx=PAQABBwEAAABVrSpeuWamRam2jAF1XRQEQ9qhM8gYxO0Yw1BoJTnkQ3D5l16v09JrvuQaBp9rUTZi3UOknmzHN5-yNfdLQ_jXbCSoDDBZszY4UXjgn4VsaUJd8eh3Ll8B5am9St9KytVkBFNwyuTKmzAJpkNjM8RPaLeKlLfZ6ikgpkM6EXC4ecSo0wNLZBOOEg4pgSn-rPAgAA; esctx-s7Zx1r77v0=AQABCQEAAABVrSpeuWamRam2jAF1XRQEbs_SJpvSrd6vAxr4KE_L34bcGyQ9YHABSGG9jAfr-hMR2a3cz0xVWP1h3CRCM_oBWTAz-VZzKi2C3edYw9z2v7ro3Rihlp1orI8gpuaYu8n7nJ2WhkAkOv9Ot-xx07qH9WiBjnmtpjZuCCHfXipjTSAA; fpc=ApxMJch8-UNDkFjhMAztliC4vjNwAQAAAM9lT98OAAAA; MicrosoftApplicationsTelemetryDeviceId=0727ccdd-1230-4002-860d-e7fc3d3962bb; brcap=0; ai_session=Kfj7tqGTENZICDvhvNvpNP\|1740467924775\|1740467924775
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: augloop.office.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: augloop.office.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://ukc-onenote.officeapps.live.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Sec-WebSocket-Key: DwETowFEiEQKec8etOlQpg==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /sessioninit HTTP/1.1Host: augloop.office.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: tampopo304-my.sharepoint.com
Source: global traffic	DNS traffic detected: DNS query: m365cdn.nel.measure.office.net
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: common.online.office.com
Source: global traffic	DNS traffic detected: DNS query: onenoteonline.nel.measure.office.net
Source: global traffic	DNS traffic detected: DNS query: www.drtavares.com
Source: global traffic	DNS traffic detected: DNS query: spoprod-a.akamaihd.net
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com
Source: global traffic	DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: ipinfo.io
Source: global traffic	DNS traffic detected: DNS query: fa000000012.resources.office.net
Source: global traffic	DNS traffic detected: DNS query: fa000000096.resources.office.net
Source: global traffic	DNS traffic detected: DNS query: fa000000110.resources.office.net
Source: global traffic	DNS traffic detected: DNS query: fa000000111.resources.office.net
Source: global traffic	DNS traffic detected: DNS query: fa000000128.resources.office.net
Source: global traffic	DNS traffic detected: DNS query: fa000000138.resources.office.net
Source: global traffic	DNS traffic detected: DNS query: augloop.office.com
Source: global traffic	DNS traffic detected: DNS query: storage.live.com
Source: global traffic	DNS traffic detected: DNS query: www.onenote.com
Source: global traffic	DNS traffic detected: DNS query: amcdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: ajax.aspnetcdn.com
Source: global traffic	DNS traffic detected: DNS query: js.monitor.azure.com
Source: global traffic	DNS traffic detected: DNS query: login.nevillesupports-uk.com
Source: global traffic	DNS traffic detected: DNS query: messaging.engagement.office.com
Source: global traffic	DNS traffic detected: DNS query: aadcdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: ywnjb.nevillesupports-uk.com
Source: global traffic	DNS traffic detected: DNS query: portal.microsoftonline.com
Source: global traffic	DNS traffic detected: DNS query: identity.nel.measure.office.net
Source: global traffic	DNS traffic detected: DNS query: westeurope-pd03.augloop.office.com

Source: unknown

HTTP traffic detected: POST /api/report?FrontEnd=AkamaiCDNWorldWide&DestinationEndpoint=DUSSELDORF&ASN=20940&Country=DE&Region=NW&RequestIdentifier=0.ef0d7b5c.1740467811.ae7a2520&TotalRTCDNTime=86&CompressionType=&FileSize=215 HTTP/1.1Host: m365cdn.nel.measure.office.netConnection: keep-aliveContent-Length: 516Content-Type: application/reports+jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 25 Feb 2025 07:18:26 GMTContent-Type: text/htmlContent-Length: 808Connection: closeLast-Modified: Wed, 11 Dec 2024 06:38:34 GMTETag: "328-628f8d8cb3189"Accept-Ranges: bytes
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 25 Feb 2025 07:18:47 GMTContent-Type: image/vnd.microsoft.iconContent-Length: 0Connection: closeCache-Control: privateNel: {"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}P3p: CP="DSP CUR OTPi IND OTRi ONL FIN"Referrer-Policy: no-referrerReport-To: {"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+wst"}]}X-Ms-Ests-Server: 2.1.20106.4 - EUS ProdSlicesX-Ms-Request-Id: 4263e52e-1a1a-4bee-bd46-3936cd4e6b00X-Ms-Srs: 1.PCF-Cache-Status: BYPASSSet-Cookie: x-ms-gateway-slice=estsfd; Path=/; HttpOnly; Secure; SameSite=NoneServer: cloudflareCF-RAY: 9175ec5e6846c484-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1539&min_rtt=1473&rtt_var=684&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2856&recv_bytes=2724&delivery_rate=1458541&cwnd=249&unsent_bytes=0&cid=3c77f65507b046cc&ts=500&x=0"

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50295
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50298
Source: unknown	Network traffic detected: HTTP traffic on port 50286 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50102 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50234 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50366 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50400 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50532 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 50085 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50526 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50503
Source: unknown	Network traffic detected: HTTP traffic on port 50423 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50377 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50331 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50500
Source: unknown	Network traffic detected: HTTP traffic on port 50240 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50486 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50325 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50107 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50292 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 50080 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 50308 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50519
Source: unknown	Network traffic detected: HTTP traffic on port 50422 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50518
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50078
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50077
Source: unknown	Network traffic detected: HTTP traffic on port 50246 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50521 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50079
Source: unknown	Network traffic detected: HTTP traffic on port 50390 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50510
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50081
Source: unknown	Network traffic detected: HTTP traffic on port 50291 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50080
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50083
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50082
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50085
Source: unknown	Network traffic detected: HTTP traffic on port 50269 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50084
Source: unknown	Network traffic detected: HTTP traffic on port 50538 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 50439 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49921 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50524
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50523
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50405
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50526
Source: unknown	Network traffic detected: HTTP traffic on port 50280 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50525
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50407
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50528
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50406
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50527
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50408
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50529
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50088
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50520
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50522
Source: unknown	Network traffic detected: HTTP traffic on port 50079 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50400
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50521
Source: unknown	Network traffic detected: HTTP traffic on port 50241 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 50405 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50510 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49946
Source: unknown	Network traffic detected: HTTP traffic on port 50527 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50259
Source: unknown	Network traffic detected: HTTP traffic on port 50424 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50373
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50494
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50493
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50375
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50496
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50374
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50495
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50377
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50497
Source: unknown	Network traffic detected: HTTP traffic on port 50078 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50379
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50378
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50499
Source: unknown	Network traffic detected: HTTP traffic on port 50324 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50456 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50293 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50261
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50260
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 50335 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50386
Source: unknown	Network traffic detected: HTTP traffic on port 50247 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50385
Source: unknown	Network traffic detected: HTTP traffic on port 50522 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50269
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50407 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50390
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50272
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50271
Source: unknown	Network traffic detected: HTTP traffic on port 50533 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50084 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50497 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50336 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50468 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50281 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50298 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50441 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50276
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50278
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50399
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50277
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50279
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50110 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50281
Source: unknown	Network traffic detected: HTTP traffic on port 50435 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50280
Source: unknown	Network traffic detected: HTTP traffic on port 50412 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50406 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50259 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50083 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50496 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50276 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50446 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50528 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50285
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50287
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50286
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50288
Source: unknown	Network traffic detected: HTTP traffic on port 50375 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50539 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50290
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50292
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50291
Source: unknown	Network traffic detected: HTTP traffic on port 50302 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50294
Source: unknown	Network traffic detected: HTTP traffic on port 50287 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50293
Source: unknown	Network traffic detected: HTTP traffic on port 50231 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50277 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50420 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50311 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50336
Source: unknown	Network traffic detected: HTTP traffic on port 50443 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50339
Source: unknown	Network traffic detected: HTTP traffic on port 50386 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50459
Source: unknown	Network traffic detected: HTTP traffic on port 50414 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50450
Source: unknown	Network traffic detected: HTTP traffic on port 50260 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50248 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50331
Source: unknown	Network traffic detected: HTTP traffic on port 50523 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50500 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50466 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50335
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50456
Source: unknown	Network traffic detected: HTTP traffic on port 50408 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50437 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50106
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50468
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50229
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50107
Source: unknown	Network traffic detected: HTTP traffic on port 49946 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50461
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50460
Source: unknown	Network traffic detected: HTTP traffic on port 50461 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50077 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50102
Source: unknown	Network traffic detected: HTTP traffic on port 50339 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50466
Source: unknown	Network traffic detected: HTTP traffic on port 50271 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50088 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50239
Source: unknown	Network traffic detected: HTTP traffic on port 50529 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50351
Source: unknown	Network traffic detected: HTTP traffic on port 50317 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50471
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50231
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50110
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50473
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50234
Source: unknown	Network traffic detected: HTTP traffic on port 50351 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50374 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50288 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50450 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50473 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50272 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50249
Source: unknown	Network traffic detected: HTTP traffic on port 50385 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50419 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50248
Source: unknown	Network traffic detected: HTTP traffic on port 50530 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50249 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50524 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50442 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50241
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50240
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50361
Source: unknown	Network traffic detected: HTTP traffic on port 50425 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50379 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50366
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50244
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50486
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50247
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50246
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50367
Source: unknown	Network traffic detected: HTTP traffic on port 50518 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50250
Source: unknown	Network traffic detected: HTTP traffic on port 50294 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50535 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50082 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50436 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50306 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50495 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50414
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50535
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50229 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50415
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50536
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50539
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50538
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50419
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50244 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50530
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50412
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50533
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50532
Source: unknown	Network traffic detected: HTTP traffic on port 50106 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50536 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50399 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50433 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50081 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50309 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50494 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50425
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50424
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50306
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50427
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50308
Source: unknown	Network traffic detected: HTTP traffic on port 50278 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50309
Source: unknown	Network traffic detected: HTTP traffic on port 50261 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50427 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50421
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50420
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50302
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50423
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50422
Source: unknown	Network traffic detected: HTTP traffic on port 50373 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50285 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50367 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50438 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50250 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50459 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49921
Source: unknown	Network traffic detected: HTTP traffic on port 50361 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50436
Source: unknown	Network traffic detected: HTTP traffic on port 50493 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50435
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50317
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50438
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50437
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50439
Source: unknown	Network traffic detected: HTTP traffic on port 50525 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50279 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50449 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50378 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50311
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50432
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50433
Source: unknown	Network traffic detected: HTTP traffic on port 50519 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50295 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50503 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50325
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50446
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50449
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50471 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50415 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50421 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50441
Source: unknown	Network traffic detected: HTTP traffic on port 50520 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50442
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50324
Source: unknown	Network traffic detected: HTTP traffic on port 50290 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50432 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50239 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50460 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50499 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443

Source: classification engine

Classification label: mal60.phis.win@25/165@118/301

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1928,i,8779025640273124974,707960573295764146,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://tampopo304-my.sharepoint.com/personal/t_peter_tampopo_co_uk/_layouts/15/guestaccess.aspx?share=ErD6Vn1_jHJCkzNA55SF53AB1bLxHPSyAiXwDO2SC9GB1Q&e=F2hCiy"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1928,i,8779025640273124974,707960573295764146,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	1 Drive-by Compromise	Windows Management Instrumentation	1 Scripting	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Registry Run Keys / Startup Folder	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 Extra Window Memory Injection	1 Extra Window Memory Injection	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Source	Detection	Scanner	Label	Link
https://tampopo304-my.sharepoint.com/personal/t_peter_tampopo_co_uk/_layouts/15/guestaccess.aspx?share=ErD6Vn1_jHJCkzNA55SF53AB1bLxHPSyAiXwDO2SC9GB1Q&e=F2hCiy	0%	Avira URL Cloud	safe

Source	Detection	Scanner	Label
https://tampopo304-my.sharepoint.com/_layouts/15/images/favicon.ico?rev=47	0%	Avira URL Cloud	safe
https://m365cdn.nel.measure.office.net/api/report?FrontEnd=AkamaiCDNWorldWide&DestinationEndpoint=DUSSELDORF&ASN=20940&Country=DE&Region=NW&RequestIdentifier=0.ef0d7b5c.1740467811.ae7a2520&TotalRTCDNTime=86&CompressionType=&FileSize=215	0%	Avira URL Cloud	safe
https://tampopo304-my.sharepoint.com/ScriptResource.axd?d=FTUpL56yKXtOOdoCKKvYkjbOY94L3nZ9rYiBUeSK_MqaiWQGa_h6J3kut0h39DVDlwSbKCPspLa4TjnP6X5geafiwjFlqFqdClNU3HURHDhLNuLltgodI98wkRPp_H7kpaxT3rufMHHThs66JDVe4ak9W5_UeliZWFBy5yOfeSA1&t=ffffffffc7a8e318	0%	Avira URL Cloud	safe
https://tampopo304-my.sharepoint.com/ScriptResource.axd?d=XC7LKnBthgyCMXyA67agWDE4HqrVinnBgBew50tqsipVLB_uzB7WWCzv6DrGtPu1r2fiinvAOtSb1iRH3MkLcA_8mJyQp3WycUJLgwQcS8kmSJmlFOxWM1ATzWcgo4nQ6U7hFsxiu0_ieY5VXuAAI9AIYiVrl0JnqCYCJivzmfMcDHnMxKa08968E6NS_BTC0&t=2a9d95e3	0%	Avira URL Cloud	safe
https://tampopo304-my.sharepoint.com/WebResource.axd?d=wMWaj64qv6ApMdD5nzs4JOuUpMqGKSSggPi1Jve92LPjuJb8xMP5YI9_e4oXH6EiZ9dEdkvzVB0oyZf9GMjJ3GPmwGBO7C1GNLAe_rlC-0w1&t=638745296777888595	0%	Avira URL Cloud	safe
https://tampopo304-my.sharepoint.com/_layouts/15/images/microsoft-logo.png	0%	Avira URL Cloud	safe
https://common.online.office.com/suite/RemoteUls.ashx?usid=eff3d7d5-f5c8-b990-526c-d74e38702877&officeserverversion=	0%	Avira URL Cloud	safe
https://tampopo304-my.sharepoint.com/personal/t_peter_tampopo_co_uk/_layouts/15/Doc.aspx?sourcedoc=%7B7d56fab0-8c7f-4272-9333-40e79485e770%7D&action=default&slrid=49e284a1-6009-b000-c815-96175a66d07e&CID=be14ee2d-4dbd-4409-866e-a12d8d156327&_SRM=0:G:45	0%	Avira URL Cloud	safe
https://m365cdn.nel.measure.office.net/api/report?FrontEnd=AkamaiCDNWorldWide&DestinationEndpoint=DUSSELDORF&ASN=20940&Country=DE&Region=NW&RequestIdentifier=0.ef0d7b5c.1740467855.ae7ea77c&TotalRTCDNTime=86&CompressionType=&FileSize=7886	0%	Avira URL Cloud	safe
https://onenoteonline.nel.measure.office.net/api/report?FrontEnd=AFD&DestinationEndpoint=Edge-Prod-BL2r8a&DC=GUK4&FileSource=	0%	Avira URL Cloud	safe
https://m365cdn.nel.measure.office.net/api/report?FrontEnd=AkamaiCDNWorldWide&DestinationEndpoint=DUSSELDORF&ASN=20940&Country=DE&Region=NW&RequestIdentifier=0.85f21602.1740467855.8285ed5&TotalRTCDNTime=79&CompressionType=gzip&FileSize=8982	0%	Avira URL Cloud	safe
https://common.online.office.com/suite/RemoteTelemetry.ashx?usid=eff3d7d5-f5c8-b990-526c-d74e38702877	0%	Avira URL Cloud	safe
https://common.online.office.com/suite/RemoteUls.ashx?usid=995494ed-a7b4-846a-ec1c-96b919463d1c&officeserverversion=	0%	Avira URL Cloud	safe
https://tampopo304-my.sharepoint.com/personal/t_peter_tampopo_co_uk/_layouts/15/Doc.aspx?sourcedoc=%7B7d56fab0-8c7f-4272-9333-40e79485e770%7D&action=default&CID=be14ee2d-4dbd-4409-866e-a12d8d156327&_SRM=0%3AG%3A45	0%	Avira URL Cloud	safe
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/sf0kx/0x4AAAAAAAZ6LVzq1sJQIynf/auto/fbE/new/normal/auto/	0%	Avira URL Cloud	safe
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1857324120:1740464065:0ML6GJmFky2xeLFg2PlvpqpGV9pgdjBT6XTVNXdUD6s/9175ebd22ee342cc/ruYplp6paCHhmCBm58SJcGwWyYxFOtrT1BhWV46k22Y-1740467904-1.1.1.1-S8Yn.Anun4dx.D0xybDvPWdsH9OKIIomlsjHian36_3Y9vTRyZNq.RcfsXaCJkOf	0%	Avira URL Cloud	safe
https://ipinfo.io/json?token=64bee6c69d6f0e	0%	Avira URL Cloud	safe
https://fa000000128.resources.office.net/033f92d3-bc6d-439a-858a-a17acf70360a/1.0.2502.12009/en-us_web/manifest_web.xml	0%	Avira URL Cloud	safe
https://www.drtavares.com/favicon.ico	0%	Avira URL Cloud	safe
https://www.onenote.com/officeaddins/learningtools/?et=	0%	Avira URL Cloud	safe
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=9175ebd22ee342cc&lang=auto	0%	Avira URL Cloud	safe
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/d/9175ebd22ee342cc/1740467906986/cTsIbPJ5Cvv7QN3	0%	Avira URL Cloud	safe
https://login.nevillesupports-uk.com/s/15af0b6b4e3bae0084a6900bc45f53ffac799a168a0767740cb1c25bfa61e1ad.js	0%	Avira URL Cloud	safe
https://common.online.office.com/suite/RemoteTelemetry.ashx?usid=995494ed-a7b4-846a-ec1c-96b919463d1c	0%	Avira URL Cloud	safe
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/9175ebd22ee342cc/1740467906986/d79c7dca176f1968c14d3c44c3ccb5947170cac20a61c8fb7fd6871bfe60396f/SlGsbo0ZbyojDxl	0%	Avira URL Cloud	safe
https://login.nevillesupports-uk.com/s/15af0b6b4e3bae0084a6900bc45f53ffac799a168a0767740cb1c25bfa61e1ad/306e2509bc41cc45b34769cc0ab7625e1486be78db37deaa67cb2759f0b41590.js	0%	Avira URL Cloud	safe
https://login.nevillesupports-uk.com/092KinAuth0	0%	Avira URL Cloud	safe
https://login.nevillesupports-uk.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/b0e4a89976ce/main.js?	0%	Avira URL Cloud	safe
https://login.nevillesupports-uk.com/favicon.ico	0%	Avira URL Cloud	safe
https://messaging.engagement.office.com/campaignmetadataaggregator?country=US&locale=en-US&app=2158&platform=Web&version=16.0.18611.41002&campaignParams=pageWidth%3D1280%26pageHeight%3D907%26screenWidth%3D1280%26screenHeight%3D1024%26colorDepth%3D24%26more%3Dtrue%26OFC_Audience%3DProduction%26Datacenter%3DGUK3%26TenantId%3D3980988e-abd0-4273-8d1b-f1b70f01bb8c%26SelfTriggerActivity%3D%26&contentType=CampaignContent%3BDynamicSettings&puid=&OFC_FLIGHTS=&ageGroup=0&sessionUserType=2	0%	Avira URL Cloud	safe
https://login.nevillesupports-uk.com/cdn-cgi/challenge-platform/scripts/jsd/main.js	0%	Avira URL Cloud	safe
https://ywnjb.nevillesupports-uk.com/Me.htm?v=3	0%	Avira URL Cloud	safe
https://login.nevillesupports-uk.com/common/handlers/watson	0%	Avira URL Cloud	safe
https://m365cdn.nel.measure.office.net/api/report?FrontEnd=AkamaiCDNWorldWide&DestinationEndpoint=DUSSELDORF&ASN=20940&Country=DE&Region=NW&RequestIdentifier=0.ef0d7b5c.1740467899.ae832796&TotalRTCDNTime=86&CompressionType=gzip&FileSize=22946	0%	Avira URL Cloud	safe
https://onenoteonline.nel.measure.office.net/api/report?FrontEnd=AFD&DestinationEndpoint=Edge-Prod-EWR31r5c&DC=GUK3&FileSource=	0%	Avira URL Cloud	safe
https://onenoteonline.nel.measure.office.net/api/report?FrontEnd=AFD&DestinationEndpoint=Edge-Prod-BL2r8b&DC=GUK3&FileSource=	0%	Avira URL Cloud	safe
https://m365cdn.nel.measure.office.net/api/report?FrontEnd=AkamaiCDNWorldWide&DestinationEndpoint=DUSSELDORF&ASN=20940&Country=DE&Region=NW&RequestIdentifier=0.e20d7b5c.1740467928.573f7d3b&TotalRTCDNTime=86&CompressionType=gzip&FileSize=5978	0%	Avira URL Cloud	safe
https://login.nevillesupports-uk.com/cdn-cgi/challenge-platform/h/b/jsd/r/0.6314629313875524:1740463882:eAxAQDR2FC7b0Qehu-POFylsU5TPjJabxSElVP2KLtE/9175ec2edc4cc459	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
dual-spo-0005.spo-msedge.net	13.107.136.10	true	false	high
s-part-0044.t-0009.fb-t-msedge.net	13.107.253.72	true	false	high
s-0005.dual-s-dc-msedge.net	52.123.131.14	true	false	high
augloop-prod-pa00.westeurope.cloudapp.azure.com	52.111.243.13	true	false	unknown
wac-0003.wac-dc-msedge.net	52.108.11.12	true	false	high
cph30r9a.msedge.net	40.90.65.84	true	false	unknown
a1894.dscb.akamai.net	95.101.54.217	true	false	high
augloop-prod-pd03.westeurope.cloudapp.azure.com	52.111.243.4	true	false	unknown
a46.dscr.akamai.net	2.16.168.212	true	false	high
wac-0003.wac-msedge.net	52.108.8.12	true	false	high
login.nevillesupports-uk.com	188.114.97.3	true	false	unknown
prod-campaignaggregator.omexexternallfb.office.net.akadns.net	52.111.231.8	true	false	high
code.jquery.com	151.101.66.137	true	false	high
a726.dscd.akamai.net	2.19.11.111	true	false	high
cdnjs.cloudflare.com	104.17.24.14	true	false	high
ipinfo.io	34.117.59.81	true	false	high
www.google.com	142.250.185.164	true	false	high
ywnjb.nevillesupports-uk.com	188.114.97.3	true	false	unknown
e329293.dscd.akamaiedge.net	95.101.182.112	true	false	high
189774-ipv4v6.farm.dprodmgd104.aa-rt.sharepoint.com	52.105.53.53	true	false	unknown
i-db3p-cor007.api.p001.1drv.com	13.104.208.164	true	false	unknown
b-0004.b-msedge.net	13.107.6.156	true	false	high
www.drtavares.com	34.69.82.229	true	false	unknown
challenges.cloudflare.com	104.18.95.41	true	false	high
a1531.g2.akamai.net	2.16.164.113	true	false	high
s-0005.dual-s-msedge.net	52.123.128.14	true	false	high
e11271.dscg.akamaiedge.net	2.19.106.6	true	false	high
s-part-0048.t-0009.t-msedge.net	13.107.246.76	true	false	high
s-part-0032.t-0009.t-msedge.net	13.107.246.60	true	false	high
js.monitor.azure.com	unknown	unknown	false	high
augloop.office.com	unknown	unknown	false	high
ajax.aspnetcdn.com	unknown	unknown	false	high
m365cdn.nel.measure.office.net	unknown	unknown	false	high
fa000000110.resources.office.net	unknown	unknown	false	high
onenoteonline.nel.measure.office.net	unknown	unknown	false	high
fa000000138.resources.office.net	unknown	unknown	false	high
portal.microsoftonline.com	unknown	unknown	false	high
tampopo304-my.sharepoint.com	unknown	unknown	false	high
amcdn.msftauth.net	unknown	unknown	false	high
www.onenote.com	unknown	unknown	false	high
messaging.engagement.office.com	unknown	unknown	false	high
fa000000096.resources.office.net	unknown	unknown	false	high
fa000000012.resources.office.net	unknown	unknown	false	high
fa000000111.resources.office.net	unknown	unknown	false	high
fa000000128.resources.office.net	unknown	unknown	false	high
aadcdn.msftauth.net	unknown	unknown	false	high
storage.live.com	unknown	unknown	false	high
common.online.office.com	unknown	unknown	false	high
identity.nel.measure.office.net	unknown	unknown	false	high
westeurope-pd03.augloop.office.com	unknown	unknown	false	high
spoprod-a.akamaihd.net	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://www.drtavares.com/DocxFile/	false		unknown
https://code.jquery.com/jquery-3.6.0.min.js	false		high
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=9175ebd22ee342cc&lang=auto	false	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/d/9175ebd22ee342cc/1740467906986/cTsIbPJ5Cvv7QN3	false	Avira URL Cloud: safe	unknown
https://ipinfo.io/json?token=64bee6c69d6f0e	false	Avira URL Cloud: safe	unknown
https://common.online.office.com/suite/RemoteUls.ashx?usid=eff3d7d5-f5c8-b990-526c-d74e38702877&officeserverversion=	false	Avira URL Cloud: safe	unknown
https://augloop.office.com/sessioninit	false		high
https://tampopo304-my.sharepoint.com/ScriptResource.axd?d=FTUpL56yKXtOOdoCKKvYkjbOY94L3nZ9rYiBUeSK_MqaiWQGa_h6J3kut0h39DVDlwSbKCPspLa4TjnP6X5geafiwjFlqFqdClNU3HURHDhLNuLltgodI98wkRPp_H7kpaxT3rufMHHThs66JDVe4ak9W5_UeliZWFBy5yOfeSA1&t=ffffffffc7a8e318	false	Avira URL Cloud: safe	unknown
https://tampopo304-my.sharepoint.com/personal/t_peter_tampopo_co_uk/_layouts/15/Doc.aspx?sourcedoc=%7B7d56fab0-8c7f-4272-9333-40e79485e770%7D&action=default&CID=be14ee2d-4dbd-4409-866e-a12d8d156327&_SRM=0%3AG%3A45	false	Avira URL Cloud: safe	unknown
https://login.nevillesupports-uk.com/common/handlers/watson	false	Avira URL Cloud: safe	unknown
https://fa000000128.resources.office.net/033f92d3-bc6d-439a-858a-a17acf70360a/1.0.2502.12009/en-us_web/manifest_web.xml	false	Avira URL Cloud: safe	unknown
https://login.nevillesupports-uk.com/s/15af0b6b4e3bae0084a6900bc45f53ffac799a168a0767740cb1c25bfa61e1ad.js	false	Avira URL Cloud: safe	unknown
https://www.onenote.com/officeaddins/learningtools/?et=	false	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1	false		high
https://m365cdn.nel.measure.office.net/api/report?FrontEnd=AkamaiCDNWorldWide&DestinationEndpoint=DUSSELDORF&ASN=20940&Country=DE&Region=NW&RequestIdentifier=0.ef0d7b5c.1740467811.ae7a2520&TotalRTCDNTime=86&CompressionType=&FileSize=215	false	Avira URL Cloud: safe	unknown
https://login.nevillesupports-uk.com/?auth2=YMsoIVLMy8m5NhFVVCp21Qq-S7qpmoBk&sso_reload=true	false		unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/9175ebd22ee342cc/1740467906986/d79c7dca176f1968c14d3c44c3ccb5947170cac20a61c8fb7fd6871bfe60396f/SlGsbo0ZbyojDxl	false	Avira URL Cloud: safe	unknown
https://www.drtavares.com/favicon.ico	false	Avira URL Cloud: safe	unknown
https://messaging.engagement.office.com/campaignmetadataaggregator?country=US&locale=en-US&app=2158&platform=Web&version=16.0.18611.41002&campaignParams=pageWidth%3D1280%26pageHeight%3D907%26screenWidth%3D1280%26screenHeight%3D1024%26colorDepth%3D24%26more%3Dtrue%26OFC_Audience%3DProduction%26Datacenter%3DGUK3%26TenantId%3D3980988e-abd0-4273-8d1b-f1b70f01bb8c%26SelfTriggerActivity%3D%26&contentType=CampaignContent%3BDynamicSettings&puid=&OFC_FLIGHTS=&ageGroup=0&sessionUserType=2	false	Avira URL Cloud: safe	unknown
https://fa000000012.resources.office.net/033f92d3-bc6d-439a-858a-a17acf70360a/1.0.2411.24001/en-us_web/manifest_web.xml	false		high
https://onenoteonline.nel.measure.office.net/api/report?FrontEnd=AFD&DestinationEndpoint=Edge-Prod-EWR31r5c&DC=GUK3&FileSource=	false	Avira URL Cloud: safe	unknown
https://onenoteonline.nel.measure.office.net/api/report?FrontEnd=AFD&DestinationEndpoint=Edge-Prod-BL2r8a&DC=GUK4&FileSource=	false	Avira URL Cloud: safe	unknown
https://m365cdn.nel.measure.office.net/api/report?FrontEnd=AkamaiCDNWorldWide&DestinationEndpoint=DUSSELDORF&ASN=20940&Country=DE&Region=NW&RequestIdentifier=0.85f21602.1740467855.8285ed5&TotalRTCDNTime=79&CompressionType=gzip&FileSize=8982	false	Avira URL Cloud: safe	unknown
https://fa000000096.resources.office.net/033f92d3-bc6d-439a-858a-a17acf70360a/1.0.2404.23003/en-us_web/manifest_web.xml	false		high
https://fa000000110.resources.office.net/033f92d3-bc6d-439a-858a-a17acf70360a/1.0.0.5/en-us_web/manifest_web.xml	false		high
https://login.nevillesupports-uk.com/cdn-cgi/challenge-platform/scripts/jsd/main.js	false	Avira URL Cloud: safe	unknown
https://tampopo304-my.sharepoint.com/_layouts/15/images/microsoft-logo.png	false	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/turnstile/v0/b/b0e4a89976ce/api.js	false		high
https://js.monitor.azure.com/scripts/c/ms.shared.analytics.mectrl-3.gbl.min.js	false		high
https://m365cdn.nel.measure.office.net/api/report?FrontEnd=AkamaiCDNWorldWide&DestinationEndpoint=DUSSELDORF&ASN=20940&Country=DE&Region=NW&RequestIdentifier=0.ef0d7b5c.1740467899.ae832796&TotalRTCDNTime=86&CompressionType=gzip&FileSize=22946	false	Avira URL Cloud: safe	unknown
https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js	false		high
https://m365cdn.nel.measure.office.net/api/report?FrontEnd=AkamaiCDNWorldWide&DestinationEndpoint=DUSSELDORF&ASN=20940&Country=DE&Region=NW&RequestIdentifier=0.e20d7b5c.1740467928.573f7d3b&TotalRTCDNTime=86&CompressionType=gzip&FileSize=5978	false	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/sf0kx/0x4AAAAAAAZ6LVzq1sJQIynf/auto/fbE/new/normal/auto/	false	Avira URL Cloud: safe	unknown
https://tampopo304-my.sharepoint.com/personal/t_peter_tampopo_co_uk/_layouts/15/Doc.aspx?sourcedoc=%7B7d56fab0-8c7f-4272-9333-40e79485e770%7D&action=default&slrid=49e284a1-6009-b000-c815-96175a66d07e&CID=be14ee2d-4dbd-4409-866e-a12d8d156327&_SRM=0:G:45	false	Avira URL Cloud: safe	unknown
https://onenoteonline.nel.measure.office.net/api/report?FrontEnd=AFD&DestinationEndpoint=Edge-Prod-BL2r8b&DC=GUK3&FileSource=	false	Avira URL Cloud: safe	unknown
https://m365cdn.nel.measure.office.net/api/report?FrontEnd=AkamaiCDNWorldWide&DestinationEndpoint=DUSSELDORF&ASN=20940&Country=DE&Region=NW&RequestIdentifier=0.ef0d7b5c.1740467855.ae7ea77c&TotalRTCDNTime=86&CompressionType=&FileSize=7886	false	Avira URL Cloud: safe	unknown
https://login.nevillesupports-uk.com/s/15af0b6b4e3bae0084a6900bc45f53ffac799a168a0767740cb1c25bfa61e1ad/306e2509bc41cc45b34769cc0ab7625e1486be78db37deaa67cb2759f0b41590.js	false	Avira URL Cloud: safe	unknown
https://augloop.office.com/	false		high
https://spoprod-a.akamaihd.net/files/fabric/assets/icons/fabricmdl2icons.woff	false		high
https://tampopo304-my.sharepoint.com/personal/t_peter_tampopo_co_uk/_layouts/15/guestaccess.aspx?share=ErD6Vn1_jHJCkzNA55SF53AB1bLxHPSyAiXwDO2SC9GB1Q&e=F2hCiy	false		unknown
https://fa000000111.resources.office.net/033f92d3-bc6d-439a-858a-a17acf70360a/1.0.0.5/en-us_web/manifest_web.xml	false		high
https://login.nevillesupports-uk.com/092KinAuth0	false	Avira URL Cloud: safe	unknown
https://tampopo304-my.sharepoint.com/ScriptResource.axd?d=XC7LKnBthgyCMXyA67agWDE4HqrVinnBgBew50tqsipVLB_uzB7WWCzv6DrGtPu1r2fiinvAOtSb1iRH3MkLcA_8mJyQp3WycUJLgwQcS8kmSJmlFOxWM1ATzWcgo4nQ6U7hFsxiu0_ieY5VXuAAI9AIYiVrl0JnqCYCJivzmfMcDHnMxKa08968E6NS_BTC0&t=2a9d95e3	false	Avira URL Cloud: safe	unknown
https://login.nevillesupports-uk.com/cdn-cgi/challenge-platform/h/b/jsd/r/0.6314629313875524:1740463882:eAxAQDR2FC7b0Qehu-POFylsU5TPjJabxSElVP2KLtE/9175ec2edc4cc459	false	Avira URL Cloud: safe	unknown
https://login.nevillesupports-uk.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/b0e4a89976ce/main.js?	false	Avira URL Cloud: safe	unknown
https://common.online.office.com/suite/RemoteTelemetry.ashx?usid=995494ed-a7b4-846a-ec1c-96b919463d1c	false	Avira URL Cloud: safe	unknown
https://common.online.office.com/suite/RemoteUls.ashx?usid=995494ed-a7b4-846a-ec1c-96b919463d1c&officeserverversion=	false	Avira URL Cloud: safe	unknown
https://fa000000138.resources.office.net/033f92d3-bc6d-439a-858a-a17acf70360a/1.0.2409.12011/en-us_web/manifest_web.xml	false		high
https://ajax.aspnetcdn.com/ajax/jQuery/jquery-3.5.0.min.js	false		high
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1857324120:1740464065:0ML6GJmFky2xeLFg2PlvpqpGV9pgdjBT6XTVNXdUD6s/9175ebd22ee342cc/ruYplp6paCHhmCBm58SJcGwWyYxFOtrT1BhWV46k22Y-1740467904-1.1.1.1-S8Yn.Anun4dx.D0xybDvPWdsH9OKIIomlsjHian36_3Y9vTRyZNq.RcfsXaCJkOf	false	Avira URL Cloud: safe	unknown
https://login.nevillesupports-uk.com/favicon.ico	false	Avira URL Cloud: safe	unknown
https://tampopo304-my.sharepoint.com/_layouts/15/images/favicon.ico?rev=47	false	Avira URL Cloud: safe	unknown
https://ywnjb.nevillesupports-uk.com/Me.htm?v=3	false	Avira URL Cloud: safe	unknown
https://tampopo304-my.sharepoint.com/:o:/r/personal/t_peter_tampopo_co_uk/_layouts/15/Doc.aspx?sourcedoc=%7B7d56fab0-8c7f-4272-9333-40e79485e770%7D&action=default&CID=be14ee2d-4dbd-4409-866e-a12d8d156327&_SRM=0%3AG%3A45	false		unknown
https://tampopo304-my.sharepoint.com/personal/t_peter_tampopo_co_uk/_layouts/15/Doc.aspx?sourcedoc={7d56fab0-8c7f-4272-9333-40e79485e770}&action=view&wd=target%28Untitled%20Section.one%7C1a8c54c4-10c8-403b-a849-154b3d1e7f5a%2FProject%20Documents%20-%20OneDrive%7C507ad408-7f45-443d-83de-ccd869bcbce8%2F%29&wdorigin=NavigationUrl	false		unknown
https://login.nevillesupports-uk.com/?auth2=YMsoIVLMy8m5NhFVVCp21Qq-S7qpmoBk	false		unknown
https://tampopo304-my.sharepoint.com/WebResource.axd?d=wMWaj64qv6ApMdD5nzs4JOuUpMqGKSSggPi1Jve92LPjuJb8xMP5YI9_e4oXH6EiZ9dEdkvzVB0oyZf9GMjJ3GPmwGBO7C1GNLAe_rlC-0w1&t=638745296777888595	false	Avira URL Cloud: safe	unknown
https://common.online.office.com/suite/RemoteTelemetry.ashx?usid=eff3d7d5-f5c8-b990-526c-d74e38702877	false	Avira URL Cloud: safe	unknown
https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+wst	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
13.107.6.156	b-0004.b-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
2.22.242.11	unknown	European Union	20940	AKAMAI-ASN1EU	false
2.16.164.121	unknown	European Union	20940	AKAMAI-ASN1EU	false
2.16.164.123	unknown	European Union	20940	AKAMAI-ASN1EU	false
151.101.130.137	unknown	United States	54113	FASTLYUS	false
52.108.9.12	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
52.108.10.12	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
20.190.159.23	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
142.250.185.142	unknown	United States	15169	GOOGLEUS	false
52.109.89.117	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
151.101.66.137	code.jquery.com	United States	54113	FASTLYUS	false
20.50.80.209	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
2.18.97.69	unknown	European Union	20940	AKAMAI-ASN1EU	false
142.250.186.35	unknown	United States	15169	GOOGLEUS	false
142.250.184.195	unknown	United States	15169	GOOGLEUS	false
13.107.246.76	s-part-0048.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
34.69.82.229	www.drtavares.com	United States	15169	GOOGLEUS	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
74.125.133.84	unknown	United States	15169	GOOGLEUS	false
2.22.242.137	unknown	European Union	20940	AKAMAI-ASN1EU	false
95.101.54.121	unknown	European Union	34164	AKAMAI-LONGB	false
13.89.179.13	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
34.117.59.81	ipinfo.io	United States	139070	GOOGLE-AS-APGoogleAsiaPacificPteLtdSG	false
172.217.18.4	unknown	United States	15169	GOOGLEUS	false
104.18.95.41	challenges.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
2.16.168.212	a46.dscr.akamai.net	European Union	20940	AKAMAI-ASN1EU	false
216.58.206.42	unknown	United States	15169	GOOGLEUS	false
2.16.164.113	a1531.g2.akamai.net	European Union	20940	AKAMAI-ASN1EU	false
52.111.236.7	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
13.107.253.72	s-part-0044.t-0009.fb-t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
188.114.97.3	login.nevillesupports-uk.com	European Union	13335	CLOUDFLARENETUS	false
20.190.160.65	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
52.111.243.13	augloop-prod-pa00.westeurope.cloudapp.azure.com	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
2.19.106.6	e11271.dscg.akamaiedge.net	European Union	16625	AKAMAI-ASUS	false
142.250.185.74	unknown	United States	15169	GOOGLEUS	false
104.17.25.14	unknown	United States	13335	CLOUDFLARENETUS	false
13.69.116.107	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
142.250.186.46	unknown	United States	15169	GOOGLEUS	false
2.22.242.145	unknown	European Union	20940	AKAMAI-ASN1EU	false
40.90.65.84	cph30r9a.msedge.net	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
13.107.136.10	dual-spo-0005.spo-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
2.18.233.138	unknown	European Union	16625	AKAMAI-ASUS	false
2.22.242.104	unknown	European Union	20940	AKAMAI-ASN1EU	false
52.105.53.53	189774-ipv4v6.farm.dprodmgd104.aa-rt.sharepoint.com	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
104.18.94.41	unknown	United States	13335	CLOUDFLARENETUS	false
52.111.243.4	augloop-prod-pd03.westeurope.cloudapp.azure.com	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
13.107.246.60	s-part-0032.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
52.182.143.215	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
2.19.11.111	a726.dscd.akamai.net	European Union	719	ELISA-ASHelsinkiFinlandEU	false
20.189.173.15	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
142.250.185.164	www.google.com	United States	15169	GOOGLEUS	false
72.247.154.200	unknown	United States	20940	AKAMAI-ASN1EU	false
20.42.73.27	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
13.104.208.164	i-db3p-cor007.api.p001.1drv.com	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
52.123.131.14	s-0005.dual-s-dc-msedge.net	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
95.101.54.217	a1894.dscb.akamai.net	European Union	34164	AKAMAI-LONGB	false
142.250.186.138	unknown	United States	15169	GOOGLEUS	false
104.17.24.14	cdnjs.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
92.123.18.8	unknown	European Union	16625	AKAMAI-ASUS	false
2.16.164.130	unknown	European Union	20940	AKAMAI-ASN1EU	false
2.19.11.98	unknown	European Union	719	ELISA-ASHelsinkiFinlandEU	false
20.42.65.94	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
52.111.231.8	prod-campaignaggregator.omexexternallfb.office.net.akadns.net	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
52.123.128.14	s-0005.dual-s-msedge.net	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
52.108.8.12	wac-0003.wac-msedge.net	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
92.123.16.64	unknown	European Union	16625	AKAMAI-ASUS	false
2.19.104.63	unknown	European Union	16625	AKAMAI-ASUS	false
52.108.11.12	wac-0003.wac-dc-msedge.net	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
2.16.164.19	unknown	European Union	20940	AKAMAI-ASN1EU	false
188.114.96.3	unknown	European Union	13335	CLOUDFLARENETUS	false
95.101.54.226	unknown	European Union	34164	AKAMAI-LONGB	false

Private

IP
192.168.2.16
192.168.2.23

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1623441
Start date and time:	2025-02-25 08:16:15 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://tampopo304-my.sharepoint.com/personal/t_peter_tampopo_co_uk/_layouts/15/guestaccess.aspx?share=ErD6Vn1_jHJCkzNA55SF53AB1bLxHPSyAiXwDO2SC9GB1Q&e=F2hCiy
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	14
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal60.phis.win@25/165@118/301

Warnings

Exclude process from analysis (whitelisted): SgrmBroker.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 199.232.210.172, 142.250.185.142, 74.125.133.84, 142.250.186.35, 172.217.16.206, 142.250.186.110, 216.58.206.42, 216.58.212.170, 142.250.185.234, 142.250.186.138, 142.250.185.202, 216.58.206.74, 142.250.181.234, 142.250.186.106, 142.250.186.42, 142.250.184.234, 142.250.184.202, 142.250.74.202, 142.250.185.170, 142.250.186.170, 142.250.186.74, 172.217.16.202, 2.19.11.111, 23.199.214.10
Excluded domains from analysis (whitelisted): fs.microsoft.com, clients2.google.com, accounts.google.com, redirector.gvt1.com, content-autofill.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, res-1.cdn.office.net, clients.l.google.com, res-stls-prod.edgesuite.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://tampopo304-my.sharepoint.com/personal/t_peter_tampopo_co_uk/_layouts/15/guestaccess.aspx?share=ErD6Vn1_jHJCkzNA55SF53AB1bLxHPSyAiXwDO2SC9GB1Q&e=F2hCiy

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Feb 25 06:16:48 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.9927283103199094
Encrypted:	false
SSDEEP:
MD5:	E9BED2EB82E1B1FAA98B13365562C216
SHA1:	5840E730D9C2BAADB83930057F9AE3283C8B482A
SHA-256:	64AE27CAB33BBA08EEB6848AA8434B8B369B72C65636302B9417D0E11E57621A
SHA-512:	E9BF99D864BDAA2237B02FD1964F9BBD5E9C40313E274E2CC00CF0D2A13FDB461B155E8829D568E3E8155A35ED5C5B7E65C709EC4567BA897D68DBF7E0B45FD0
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.......<U...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IYZ.:....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VYZ.:....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VYZ.:....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VYZ.:..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VYZ.:...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........e........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://tampopo304-my.sharepoint.com/personal/t_peter_tampopo_co_uk/_layouts/15/guestaccess.aspx?share=ErD6Vn1_jHJCkzNA55SF53AB1bLxHPSyAiXwDO2SC9GB1Q&e=F2hCiy

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

HTML

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Software Vulnerabilities

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 279

Chrome Cache Entry: 280

Chrome Cache Entry: 283

Chrome Cache Entry: 284

Chrome Cache Entry: 286

Chrome Cache Entry: 288

Chrome Cache Entry: 289

Chrome Cache Entry: 292

Chrome Cache Entry: 293

Chrome Cache Entry: 296

Chrome Cache Entry: 298

Chrome Cache Entry: 299

Chrome Cache Entry: 300

Chrome Cache Entry: 303

Chrome Cache Entry: 304

Chrome Cache Entry: 306

Chrome Cache Entry: 307

Chrome Cache Entry: 311

Chrome Cache Entry: 313

Chrome Cache Entry: 314

Chrome Cache Entry: 315

Chrome Cache Entry: 320

Chrome Cache Entry: 322

Chrome Cache Entry: 323

Chrome Cache Entry: 324

Chrome Cache Entry: 326

Chrome Cache Entry: 327

Chrome Cache Entry: 328

Chrome Cache Entry: 329

Chrome Cache Entry: 330

Chrome Cache Entry: 332

Chrome Cache Entry: 336

Windows Analysis Report
https://tampopo304-my.sharepoint.com/personal/t_peter_tampopo_co_uk/_layouts/15/guestaccess.aspx?share=ErD6Vn1_jHJCkzNA55SF53AB1bLxHPSyAiXwDO2SC9GB1Q&e=F2hCiy